Unrated severityOSV Advisory· Published Dec 21, 2020· Updated Aug 4, 2024
CVE-2020-25860
CVE-2020-25860
Description
The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.5
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.