UpdateHub Might Dereference An Uninitialized Pointer

Description

In updatehub_probe, right after JSON parsing is complete, objects[1] is accessed from the output structure in two different places. If the JSON contained fewer than two elements, this access would reference uninitialized stack memory. This could result in a crash, denial of service, or possibly an information leak.

Recommend disabling updatehub until such a time as a fix can be made available.

See NCC-ZEP-030
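
The bounds check this description calls for, as an added example that is not the UpdateHub source: the struct layout, the stand-in parser and all names (`probe_result`, `objects_len`, `parse_objects`, `probe_second_object`) are assumptions made for illustration. The result structure lives on the stack and is not zeroed, so the only safe way to read `objects[1]` is to first confirm the parser filled at least two entries.

```c
#include <stddef.h>
#include <string.h>

#define MAX_OBJECTS 2

/* Hypothetical shape of one parsed entry. */
struct update_object {
    const char *sha256sum;
};

/* Hypothetical parser output: a fixed array plus the count actually filled. */
struct probe_result {
    struct update_object objects[MAX_OBJECTS];
    size_t objects_len;
};

/* Stand-in for the JSON parser: fills at most MAX_OBJECTS slots and records
 * how many. Slots at or beyond objects_len are left untouched, so they still
 * hold whatever was on the caller's stack. */
static void parse_objects(const char *const *in, size_t n,
                          struct probe_result *out)
{
    out->objects_len = 0;
    for (size_t i = 0; i < n && i < MAX_OBJECTS; i++) {
        out->objects[i].sha256sum = in[i];
        out->objects_len++;
    }
}

/* Returns 0 and stores the second object's checksum in *sum, or -1 when the
 * response carried fewer than two objects. */
int probe_second_object(const char *const *in, size_t n, const char **sum)
{
    struct probe_result res; /* stack allocated, deliberately not zeroed */

    parse_objects(in, n, &res);

    /* The check the report says is missing: validate the element count
     * before any access to objects[1]. */
    if (res.objects_len < 2) {
        return -1;
    }

    *sum = res.objects[1].sha256sum;
    return 0;
}
```
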

Environment

None

Assignee

Unassigned

Reporter

David Brown

Labels

None

Authorized viewers

None

CVE

CVE-2020-10060

Embargo Lift

None

Components

Affects versions

Priority

Low