3 matches found
CVE-2020-10060
In updatehubprobe, right after JSON parsing is complete, objects\1 is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an...
Design/Logic Flaw
In updatehubprobe, right after JSON parsing is complete, objects\1 is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an...
CVE-2020-10059
CVE-2020-10059 affects Zephyr Project RTOS (2.1.0 and later) via the UpdateHub module, which disables DTLS peer checking. This enables a man-in-the-middle risk, mitigated by firmware signatures, with no shown exploit details in the documents. The issue sits with the UpdateHub component and is lin...