Use After Free Vulnerability in OpenWrt's libuci
CVE-2020-28951

9.8CRITICAL

Key Information:

Vendor

Openwrt

Status
Openwrt
Vendor
CVE Published:
19 November 2020

What is CVE-2020-28951?

The libuci library in OpenWrt is susceptible to a use after free vulnerability that may arise when processing malicious package names. This issue, related to the functions uci_parse_package in file.c and uci_strdup in util.c, can lead to unintended behavior if exploited, potentially compromising the integrity and functionality of the system.

References

https://git.openwrt.org/?p=project/uci.git%3Ba=commit%3Bh...
x_refsource_MISC
https://git.openwrt.org/?p=openwrt/openwrt.git%3Ba=commit...
x_refsource_MISC
https://git.openwrt.org/?p=openwrt/openwrt.git%3Ba=log%3B...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.