2 matches found
CVE-2019-5039
CVE-2019-5039 describes an exploitable heap-based buffer overflow in the Openweave-core ASN1Writer PutValue path (Nest Nest Cam IQ Indoor, Openweave-core 4.0.2). TALOS details show an overflow in ASN1Writer::EncodeHead/PutValue when processing crafted Weave certificates, enabling code execution. ...
CVE-2019-5039
An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger th...