CVE-2020-10022 - A malformed JSON payload that is received from an UpdateHub server may tr - CVEs Blog

A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10022

Reference (s):

https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022
https://github.com/zephyrproject-rtos/zephyr/pull/24065
https://github.com/zephyrproject-rtos/zephyr/pull/24066
https://github.com/zephyrproject-rtos/zephyr/pull/24154
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28

CVE-2020-10022 – A malformed JSON payload that is received from an UpdateHub server may tr

Something Fresh

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-27216 - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

What People Reading

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-26212 - GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

CVE-2015-0320 - Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and

CVE-2015-0353 - Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.

Categories

Partners

Just add here your partners image or promo text