PT-2020-2038 · Openwrt · Openwrt+1
Jo-Philipp Wich
+1
·
Published
2020-03-16
·
Updated
2023-05-24
·
CVE-2020-7248
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
OpenWrt versions 18.06.0 through 18.06.6
OpenWrt versions 19.0.0 through 19.07.0
Description
The issue is related to a tagged binary data JSON serialization problem in the libubox library of OpenWrt, which may cause a stack-based buffer overflow. This could potentially allow a remote attacker to execute arbitrary code.
Recommendations
For OpenWrt versions 18.06.0 through 18.06.6, update to version 18.06.7 or later.
For OpenWrt versions 19.0.0 through 19.07.0, update to version 19.07.1 or later.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openwrt
Libubox