CVE-2020-10060 - OpenCVE

In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zephyrproject	Zephyr

Configuration 1 [-]

cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060
https://github.com/zephyrproject-rtos/zephyr/pull/27865
https://github.com/zephyrproject-rtos/zephyr/pull/27889
https://github.com/zephyrproject-rtos/zephyr/pull/27891
https://github.com/zephyrproject-rtos/zephyr/pull/27893
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37

History

No history.

MITRE

Status: PUBLISHED

Assigner: zephyr

Published: 2020-05-11T22:26:16.934239Z

Updated: 2024-09-16T23:31:11.924Z

Reserved: 2020-03-04T00:00:00

Link: CVE-2020-10060

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-05-11T23:15:12.020

Modified: 2021-10-18T12:35:24.937

Link: CVE-2020-10060

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "zephyr", "vendor": "zephyrproject-rtos", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "2.1.0", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "2.2.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "NCC Group for report"}], "datePublic": "2020-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "In updatehub_probe, right after JSON parsing is complete, objects\\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-02T14:01:00", "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "shortName": "zephyr"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27865"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27889"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27891"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27893"}], "source": {"defect": ["https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"], "discovery": "EXTERNAL"}, "title": "UpdateHub Might Dereference An Uninitialized Pointer", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerabilities@zephyrproject.org", "DATE_PUBLIC": "2020-05-01T00:00:00.000Z", "ID": "CVE-2020-10060", "STATE": "PUBLIC", "TITLE": "UpdateHub Might Dereference An Uninitialized Pointer"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "zephyr", "version": {"version_data": [{"version_affected": ">=", "version_value": "2.1.0"}, {"version_affected": ">=", "version_value": "2.2.0"}]}}]}, "vendor_name": "zephyrproject-rtos"}]}}, "credit": [{"lang": "eng", "value": "NCC Group for report"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In updatehub_probe, right after JSON parsing is complete, objects\\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}]}, "references": {"reference_data": [{"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37", "refsource": "MISC", "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"}, {"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060", "refsource": "MISC", "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060"}, {"name": "https://github.com/zephyrproject-rtos/zephyr/pull/27865", "refsource": "CONFIRM", "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27865"}, {"name": "https://github.com/zephyrproject-rtos/zephyr/pull/27889", "refsource": "CONFIRM", "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27889"}, {"name": "https://github.com/zephyrproject-rtos/zephyr/pull/27891", "refsource": "CONFIRM", "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27891"}, {"name": "https://github.com/zephyrproject-rtos/zephyr/pull/27893", "refsource": "CONFIRM", "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27893"}]}, "source": {"defect": ["https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:50:57.868Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27865"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27889"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27891"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27893"}]}]}, "cveMetadata": {"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "assignerShortName": "zephyr", "cveId": "CVE-2020-10060", "datePublished": "2020-05-11T22:26:16.934239Z", "dateReserved": "2020-03-04T00:00:00", "dateUpdated": "2024-09-16T23:31:11.924Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C2C38E4-CE91-4384-AD78-203DDCE58738", "versionEndExcluding": "2.4.0", "versionStartIncluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In updatehub_probe, right after JSON parsing is complete, objects\\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions."}, {"lang": "es", "value": "En la funci\u00f3n updatehub_probe, justo despu\u00e9s que el an\u00e1lisis JSON es completado, objects\\[1] es accedido desde la estructura de salida en dos lugares diferentes. Si el JSON conten\u00eda menos de dos elementos, este acceso har\u00eda referencia a la memoria de la pila no inicializada. Esto podr\u00eda resultar en un bloqueo, una denegaci\u00f3n de servicio o posiblemente un filtrado de informaci\u00f3n. Siempre que la correcci\u00f3n en el CVE-2020-10059 sea aplicada, el ataque requiere un compromiso del servidor. Consulte NCC-ZEP-030. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 2.1.0 y versiones posteriores. versi\u00f3n 2.2.0 y versiones posteriores"}], "id": "CVE-2020-10060", "lastModified": "2021-10-18T12:35:24.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "vulnerabilities@zephyrproject.org", "type": "Secondary"}]}, "published": "2020-05-11T23:15:12.020", "references": [{"source": "vulnerabilities@zephyrproject.org", "tags": ["Vendor Advisory"], "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27865"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27889"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27891"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/27893"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Third Party Advisory"], "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37"}], "sourceIdentifier": "vulnerabilities@zephyrproject.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-824"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "vulnerabilities@zephyrproject.org", "type": "Secondary"}]}