Description
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- zephyrproject-rtos / Zephyr2.1.0 – unspecified
- zephyrproject-rtos / Zephyr2.2.0 – unspecified
References
- MISChttps://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37
- MISChttps://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060
- PATCHhttps://github.com/zephyrproject-rtos/zephyr/pull/27865
- PATCHhttps://github.com/zephyrproject-rtos/zephyr/pull/27889
- PATCHhttps://github.com/zephyrproject-rtos/zephyr/pull/27891
- PATCHhttps://github.com/zephyrproject-rtos/zephyr/pull/27893