Double free

2020-11-1919:15:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.

CPENameOperatorVersion
openwrtge19.07.0
openwrtlt19.07.5
openwrtlt18.06.9

Name	Operator	Version
openwrt	ge	19.07.0
openwrt	lt	19.07.5
openwrt	lt	18.06.9

References

git.openwrt.org/?p=openwrt/openwrt.git%3Ba=commit%3Bh=5625f5bc36954d644cb80adf8de47854c65d91c3

git.openwrt.org/?p=openwrt/openwrt.git%3Ba=log%3Bh=refs/tags/v18.06.9

git.openwrt.org/?p=project/uci.git%3Ba=commit%3Bh=a3e650911f5e6f67dcff09974df3775dfd615da6