CVE-2019-20791

EUVD-2019-11328
OpenThread before 2019-12-13 has a stack-based buffer overflow in MeshCoP::Commissioner::GeneratePskc.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
googleopenthread
𝑥
< 2019-12-13
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19386
https://github.com/openthread/openthread/commit/b8c3161281f8e15873f8decabd8eac461717aefe
https://github.com/openthread/openthread/commit/c3a3a0c424322009fec3ab735fb20ce8f6e19e70
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19386
https://github.com/openthread/openthread/commit/b8c3161281f8e15873f8decabd8eac461717aefe
https://github.com/openthread/openthread/commit/c3a3a0c424322009fec3ab735fb20ce8f6e19e70