In updatehub_probe, right after JSON parsing is complete, objects is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak..
Giving level “low” as exploitablility seems low.
Tracked in github at