An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution (NCC-ZEP-031). This issue affects zephyrproject-rtos zephyr version 2.2.0 and later versions.
References
Link | Resource |
---|---|
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062 | Vendor Advisory |
https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4 | Patch, Third Party Advisory |
https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment | Third Party Advisory |
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: zephyr
Published: 2020-05-25T00:00:00
Updated: 2020-06-05T17:37:37
Reserved: 2020-03-04T00:00:00
Link: CVE-2020-10062
NVD Information
Status: Analyzed
Published: 2020-06-05T18:15:12.573
Modified: 2020-06-12T14:20:05.583
Link: CVE-2020-10062
Redhat Information
No data.