Show pagesourceOld revisionsBacklinksBack to top × Table of Contents Security Advisory 2020-12-09-2 - libuci import heap use after free (CVE-2020-28951) DESCRIPTION REQUIREMENTS MITIGATIONS AFFECTED VERSIONS CREDITS REFERENCES Security Advisory 2020-12-09-2 - libuci import heap use after free (CVE-2020-28951) DESCRIPTION Possibly exploitable vulnerability was found in Unified Config Interface (UCI) library named libuci, specifically in uci_import() C API function. CVE-2020-28951 has been assigned to this issue. REQUIREMENTS In order to exploit this vulnerability a malicious attacker would need to provide specially crafted config file to uci_import() C API function. For example, this is possible with UCI CLI by following shell command: uci import -f malicious.config MITIGATIONS To fix this issue, update the affected libuci package using the command below. opkg update; opkg upgrade libuci The fix is contained in the following and later versions: OpenWrt 19.07: 19.07.5 (fixed by v19.07.4-19-g78c4c04dd797) OpenWrt 18.06: 18.06.9 (fixed by v18.06.8-83-g5625f5bc3695) OpenWrt master: 2020-10-27 (fixed by reboot-14782-g095cc2b7454a) AFFECTED VERSIONS To our knowledge, OpenWrt versions 18.06.0 to 18.06.8 and versions 19.07.0 to 19.07.4 are affected. The fixed packages will be integrated in the upcoming OpenWrt 18.06.9 and OpenWrt 19.07.5 releases. Older versions of OpenWrt (e.g. OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more. CREDITS This issue was identified by Jeremy Galindo, fixed by Petr Štetiar and Hauke Mehrtens. REFERENCES a3e650911f5e6f67dcff09974df3775dfd615da6 This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.OKMore information about cookies Last modified: 2020/12/09 17:43by zorun