In updatehub_probe, right after JSON parsing is complete, objects[1] is accessed from the output structure in two different places. If the JSON contained fewer than two elements, this access would reference uninitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030. This issue affects zephyrproject-rtos zephyr: version 2.1.0 and later versions; version 2.2.0 and later versions.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
The product accesses or uses a pointer that has not been initialized.
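The pattern described above, shown beside a hardened form, as an added example that is not Zephyr's code. The struct layout, function names, return codes and sample hashes are hypothetical and constructed for illustration, and `parse_probe` is a stand-in for the real JSON decoder.

```c
#include <stddef.h>
#include <string.h>
#define MAX_OBJECTS 2
#define SHA_HEX_LEN 64
#define H16 "0123456789abcdef"   /* constructed sample data */
#define R16 "fedcba9876543210"

/* Hypothetical layout of the decoded probe response (not Zephyr's structs). */
struct probe_response {
    char   sha256sum[MAX_OBJECTS][SHA_HEX_LEN + 1];
    size_t objects_len;          /* elements the decoder actually filled */
};

static const char *const SAMPLE_FULL[]  = { H16 H16 H16 H16, R16 R16 R16 R16 };
static const char *const SAMPLE_SHORT[] = { H16 H16 H16 H16 };

/* Stand-in for the JSON decoder: fills only the elements present and
 * still returns success when fewer than MAX_OBJECTS were supplied. */
static int parse_probe(const char *const *elems, size_t n, struct probe_response *out)
{
    out->objects_len = 0;
    for (size_t i = 0; i < n && i < MAX_OBJECTS; i++) {
        if (strlen(elems[i]) != SHA_HEX_LEN) return -1;
        memcpy(out->sha256sum[i], elems[i], SHA_HEX_LEN + 1);
        out->objects_len++;
    }
    return 0;
}

/* Unsafe pattern: element 1 is read after a successful parse with no length
 * check, so a one-element response exposes leftover stack bytes. */
int probe_unchecked(const char *const *elems, size_t n, char *sha_out)
{
    struct probe_response resp;  /* uninitialized stack memory */
    if (parse_probe(elems, n, &resp) < 0) return -1;
    memcpy(sha_out, resp.sha256sum[1], SHA_HEX_LEN + 1);
    return 0;
}

/* Hardened: zero the struct and require both elements before using index 1. */
int probe_checked(const char *const *elems, size_t n, char *sha_out)
{
    struct probe_response resp = {0};
    if (parse_probe(elems, n, &resp) < 0) return -1;
    if (resp.objects_len != MAX_OBJECTS)
        return -2;
    memcpy(sha_out, resp.sha256sum[1], SHA_HEX_LEN + 1);
    return 0;
}
```

Zero-initializing the struct alone would only turn the leak into an empty hash; the length check is what rejects the malformed response.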
Link | Tags |
---|---|
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37 | third party advisory |
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060 | vendor advisory |
https://github.com/zephyrproject-rtos/zephyr/pull/27865 | third party advisory patch |
https://github.com/zephyrproject-rtos/zephyr/pull/27889 | third party advisory patch |
https://github.com/zephyrproject-rtos/zephyr/pull/27891 | third party advisory patch |
https://github.com/zephyrproject-rtos/zephyr/pull/27893 | third party advisory patch |