3 matches found
CVE-2022-28665
A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The freshtomato-arm has a vulnerable URL-decoding feature that c...
CVE-2022-28665
CVE-2022-28665 describes a memory corruption flaw in FreshTomato 2022.1’s httpd unescape function (freshtomato-arm). The code assumes two characters follow a percent sign and performs a potentially out-of-bounds access if a '%' is followed by only one character, risking memory corruption. Public ...
FreshTomato httpd unescape memory corruption vulnerability
Summary A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested Versions FreshTomato 2022.1 Product URLs...