VYPR

libuci

by Openwrt

CVEs (2)

  • CVE-2020-28951Nov 19, 2020
    risk 0.00cvss epss 0.02

    libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.

  • CVE-2019-15513Aug 23, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a…