UpdateHub Module Copies a Variable-Size Hash String Into a Fixed-Size Array

Description

A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case.

See NCC-NCC-016
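
The defect class named in the title, as an added example (this is not Zephyr or UpdateHub code). The struct, the function name and the 64-character SHA-256 hex length are assumptions made for illustration; the point is that the length of a server-supplied string is checked against the destination before any byte is copied.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the hash is a SHA-256 digest sent as 64 hex characters. */
#define HASH_HEX_LEN 64

/* Hypothetical context struct, not the project's own. */
struct update_ctx {
	char package_hash[HASH_HEX_LEN + 1];
	int install_allowed;	/* neighbouring state an overflow would clobber */
};

/*
 * Unsafe pattern (shown only as a comment):
 *     strcpy(ctx->package_hash, json_value);
 * The number of bytes written is decided by whoever produced the JSON,
 * not by the size of the destination array.
 */

/* Returns 0 on success, -1 on rejection; ctx is untouched on rejection. */
int store_package_hash(struct update_ctx *ctx, const char *json_value)
{
	size_t i;

	if (ctx == NULL || json_value == NULL) {
		return -1;
	}
	/* Validate exactly HASH_HEX_LEN characters; stops at an early NUL. */
	for (i = 0; i < HASH_HEX_LEN; i++) {
		if (!isxdigit((unsigned char)json_value[i])) {
			return -1;	/* too short or not hexadecimal */
		}
	}
	if (json_value[HASH_HEX_LEN] != '\0') {
		return -1;	/* longer than the destination can hold */
	}
	memcpy(ctx->package_hash, json_value, HASH_HEX_LEN + 1);
	return 0;
}

int main(void)
{
	struct update_ctx ctx = { "", 1 };
	char oversized[201];	/* constructed input: 200 hex characters */

	memset(oversized, 'a', 200);
	oversized[200] = '\0';
	printf("oversized hash: %d\n", store_package_hash(&ctx, oversized));
	return 0;
}
```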

Environment

None

Assignee

Otavio Salvador

Reporter

David Brown

Labels

None

Authorized viewers

Gerson Fernando Budke
Jeremy Boone
Otavio Salvador

CVE

CVE-2020-10022

Embargo Lift

2020/05/01

Components

Affects versions

Priority

Medium