libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-19T19:01:57
Updated: 2020-11-19T19:01:57
Reserved: 2020-11-19T00:00:00
Link: CVE-2020-28951
JSON object: View
NVD Information
Status : Modified
Published: 2020-11-19T19:15:12.017
Modified: 2023-11-07T03:21:25.047
Link: CVE-2020-28951
JSON object: View
Redhat Information
No data.
CWE