CVE-2020-28951

Published: Nov 19, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.openwrt.org/?p=project/uci.git%3Ba=commit%3Bh=a3e650911f5e6f67dcff09974df3775dfd615da6

x_refsource_MISC

https://git.openwrt.org/?p=openwrt/openwrt.git%3Ba=commit%3Bh=5625f5bc36954d644cb80adf8de47854c65d91c3

x_refsource_MISC

https://git.openwrt.org/?p=openwrt/openwrt.git%3Ba=log%3Bh=refs/tags/v18.06.9

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-28951

Description

Affected Products

References