UpdateHub Might Dereference An Uninitialized Pointer

Description

In updatehub_probe, right after JSON parsing is complete, objects[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak..

See NCC-ZEP-030

Environment

None

Activity

Show:
David Brown
March 10, 2020, 11:07 PM

Giving level “low” as exploitablility seems low.

 

David Brown
August 21, 2020, 7:56 PM

Tracked in github at

Assignee

Gerson Fernando Budke

Reporter

David Brown

Labels

None

Authorized viewers

None

CVE

CVE-2020-10060

Embargo Lift

None

Components

Fix versions

Affects versions

Priority

Low
Configure