VYPR
Unrated severityNVD Advisory· Published Nov 19, 2020· Updated Aug 4, 2024

CVE-2020-28951

CVE-2020-28951

Description

libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.

Affected products

2
  • OpenWrt/libucidescription
  • Openwrt/libucillm-fuzzy
    Range: < 18.06.9, >= 19.x < 19.07.5

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.