CVE-2020-10019 - OpenCVE

USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zephyrproject	Zephyr

Configuration 1 [-]

OR	cpe:2.3:o:zephyrproject:zephyr::::::::
	cpe:2.3:o:zephyrproject:zephyr::::::::

No data.

References

Link	Providers
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019
https://github.com/zephyrproject-rtos/zephyr/pull/23190
https://github.com/zephyrproject-rtos/zephyr/pull/23457
https://github.com/zephyrproject-rtos/zephyr/pull/23460
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25

History

No history.

MITRE

Status: PUBLISHED

Assigner: zephyr

Published: 2020-05-11T22:26:11.452886Z

Updated: 2024-09-17T02:12:14.643Z

Reserved: 2020-03-03T00:00:00

Link: CVE-2020-10019

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-05-11T23:15:11.317

Modified: 2020-06-05T18:15:11.230

Link: CVE-2020-10019

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "zephyr", "vendor": "zephyrproject-rtos", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "1.14.1", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "2.1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "NCC Group for report"}], "datePublic": "2020-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-05T17:37:36", "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "shortName": "zephyr"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23190"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23457"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23460"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"}], "source": {"defect": ["https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"], "discovery": "EXTERNAL"}, "title": "Buffer Overflow in USB DFU requested length", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerabilities@zephyrproject.org", "DATE_PUBLIC": "2020-05-01T00:00:00.000Z", "ID": "CVE-2020-10019", "STATE": "PUBLIC", "TITLE": "Buffer Overflow in USB DFU requested length"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "zephyr", "version": {"version_data": [{"version_affected": ">=", "version_value": "1.14.1"}, {"version_affected": ">=", "version_value": "2.1.0"}]}}]}, "vendor_name": "zephyrproject-rtos"}]}}, "credit": [{"lang": "eng", "value": "NCC Group for report"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120 Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25", "refsource": "MISC", "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"}, {"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23190", "refsource": "MISC", "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23190"}, {"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23457", "refsource": "MISC", "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23457"}, {"name": "https://github.com/zephyrproject-rtos/zephyr/pull/23460", "refsource": "MISC", "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23460"}, {"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019", "refsource": "MISC", "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"}]}, "source": {"defect": ["https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:50:57.278Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23190"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23457"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23460"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"}]}]}, "cveMetadata": {"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "assignerShortName": "zephyr", "cveId": "CVE-2020-10019", "datePublished": "2020-05-11T22:26:11.452886Z", "dateReserved": "2020-03-03T00:00:00", "dateUpdated": "2024-09-17T02:12:14.643Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*", "matchCriteriaId": "548B8018-2D83-4F2E-B78D-4E487773478B", "versionEndExcluding": "1.14.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*", "matchCriteriaId": "97F3CD96-C804-457B-8A4C-08147DEB7CC0", "versionEndIncluding": "2.1.0", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions."}, {"lang": "es", "value": "USB DFU presenta un potencial desbordamiento del b\u00fafer donde la longitud requerida (wLength) no es comparada con el tama\u00f1o del b\u00fafer. Esto podr\u00eda ser usado por un host USB malicioso para explotar el desbordamiento del b\u00fafer. Consulte NCC-ZEP-002. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 1.14.1 y versiones posteriores. Versi\u00f3n 2.1.0 y versiones posteriores."}], "id": "CVE-2020-10019", "lastModified": "2020-06-05T18:15:11.230", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 6.0, "source": "vulnerabilities@zephyrproject.org", "type": "Secondary"}]}, "published": "2020-05-11T23:15:11.317", "references": [{"source": "vulnerabilities@zephyrproject.org", "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10019"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23190"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23457"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23460"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Third Party Advisory"], "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-25"}], "sourceIdentifier": "vulnerabilities@zephyrproject.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "vulnerabilities@zephyrproject.org", "type": "Secondary"}]}