Описание
Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. The strcpy at [18] overflows the buffer insteon_pubnub.channel_al, which has a size of 16 bytes.
Ссылки
- Technical DescriptionThird Party Advisory
- Technical DescriptionThird Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
8.5 High
CVSS3
8.5 High
CVSS3
Дефекты
Связанные уязвимости
Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. The `strcpy` at [18] overflows the buffer `insteon_pubnub.channel_al`, which has a size of 16 bytes.
EPSS
8.5 High
CVSS3
8.5 High
CVSS3