CVE-2020-4060

Name of the Vulnerable Software and Affected Versions LoRa Basics Station versions prior to 2.0.4

Description The issue is related to a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message where the signature length is larger than 2 GByte or the response is crafted specifically to trigger this issue. In such a scenario, Basic Station would execute a code path, where a piece of memory is accessed after it has been freed, causing the process to crash and restart again. The CUPS transaction is typically mutually authenticated over TLS. Therefore, in order to trigger this vulnerability, the attacker would have to gain access to the CUPS server first.

Recommendations For versions prior to 2.0.4, update to version 2.0.4 to fix the issue. As a temporary workaround for users operating without authentication over TLS, enable TLS authentication to minimize the risk of exploitation. Restrict access to the CUPS server to prevent unauthorized access and potential triggering of the vulnerability.