3 matches found
CVE-2020-28951
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uciparsepackage in file.c and ucistrdup in util.c...
Security Advisory 2020-12-09-2 - libuci import heap use after free (CVE-2020-28951)
DESCRIPTION Possibly exploitable vulnerability was found in Unified Config Interface UCI library named libuci, specifically in uciimport C API function. CVE-2020-28951 has been assigned to this issue. API: Application Programming Interface REQUIREMENTS In order to exploit this vulnerability a...
CVE-2020-28951
CVE-2020-28951 affects OpenWrt libuci. A use-after-free can occur in libuci when processing malicious package names, specifically in uci_parse_package (file.c) and uci_strdup (util.c). Affected OpenWrt versions: 18.06.0–18.06.8 and 19.07.0–19.07.4. Remediation is to upgrade to OpenWrt 18.06.9 or ...