CVE-2020-7248

libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
openwrtopenwrt
18.06.0 ≤
𝑥
< 18.06.7
openwrtopenwrt
19.07.0
openwrtopenwrt
19.07.0:rc1
openwrtopenwrt
19.07.0:rc2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/openwrt/openwrt/commits/master
https://nvd.nist.gov/vuln/detail/CVE-2020-7248#range-4512438
https://openwrt.org/advisory/2020-01-31-2
https://openwrt.org/advisory/2020-01-31-2
https://github.com/openwrt/openwrt/commits/master
https://nvd.nist.gov/vuln/detail/CVE-2020-7248#range-4512438
https://openwrt.org/advisory/2020-01-31-2
https://openwrt.org/advisory/2020-01-31-2