Search criteria
5 vulnerabilities by OpenWRT
CVE-2025-62526 (GCVE-0-2025-62526)
Vulnerability from cvelistv5 – Published: 2025-10-22 14:59 – Updated: 2025-10-22 15:55
VLAI?
Title
OpenWrt ubusd vulnerable to heap buffer overflow
Summary
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon. The affected code is executed before running the ACL checks, all ubus clients are able to send such messages. In addition to the heap corruption, the crafted subscription also results in a bypass of the listen ACL. This is fixed in OpenWrt 24.10.4. There are no workarounds.
Severity ?
7.9 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T15:54:53.454249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T15:55:03.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openwrt",
"vendor": "openwrt",
"versions": [
{
"status": "affected",
"version": "\u003c 24.10.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon. The affected code is executed before running the ACL checks, all ubus clients are able to send such messages. In addition to the heap corruption, the crafted subscription also results in a bypass of the listen ACL. This is fixed in OpenWrt 24.10.4. There are no workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T14:59:43.577Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openwrt/openwrt/security/advisories/GHSA-cp32-65v4-cp73",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openwrt/openwrt/security/advisories/GHSA-cp32-65v4-cp73"
},
{
"name": "https://github.com/openwrt/openwrt/commit/4b907e69ea58fc0ba35fd1755dc4ba22262af3a4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openwrt/openwrt/commit/4b907e69ea58fc0ba35fd1755dc4ba22262af3a4"
},
{
"name": "https://github.com/openwrt/openwrt/commit/a7901969932a175cded3c93bdeb65f32ed3705e6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openwrt/openwrt/commit/a7901969932a175cded3c93bdeb65f32ed3705e6"
},
{
"name": "https://github.com/openwrt/ubus/commit/60e04048a0e2f3e33651c19e62861b41be4c290f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openwrt/ubus/commit/60e04048a0e2f3e33651c19e62861b41be4c290f"
},
{
"name": "https://github.com/openwrt/ubus/commit/aa4a7ee1d3417bc11207ad0a78d579ece7fe0c13",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openwrt/ubus/commit/aa4a7ee1d3417bc11207ad0a78d579ece7fe0c13"
},
{
"name": "https://github.com/openwrt/ubus/commit/d31effb4277bd557f5ccf16d909422718c1e49d0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openwrt/ubus/commit/d31effb4277bd557f5ccf16d909422718c1e49d0"
},
{
"name": "https://openwrt.org/advisory/2025-10-22-1",
"tags": [
"x_refsource_MISC"
],
"url": "https://openwrt.org/advisory/2025-10-22-1"
}
],
"source": {
"advisory": "GHSA-cp32-65v4-cp73",
"discovery": "UNKNOWN"
},
"title": "OpenWrt ubusd vulnerable to heap buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62526",
"datePublished": "2025-10-22T14:59:43.577Z",
"dateReserved": "2025-10-15T15:03:28.135Z",
"dateUpdated": "2025-10-22T15:55:03.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62525 (GCVE-0-2025-62525)
Vulnerability from cvelistv5 – Published: 2025-10-22 14:59 – Updated: 2025-10-22 17:24
VLAI?
Title
OpenWrt vulnerable to local privilage escalation
Summary
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting xrx200, danube and amazon SoCs from Lantiq/Intel/MaxLinear with the DSL in PTM mode. The DSL driver for the VRX518 is not affected. ATM mode is also not affected. Most VDSL lines use PTM mode and most ADSL lines use ATM mode. OpenWrt is normally running as a single user system, but some services are sandboxed. This vulnerability could allow attackers to escape a ujail sandbox or other contains. This is fixed in OpenWrt 24.10.4. There are no workarounds.
Severity ?
7.9 (High)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62525",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T17:24:08.319059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T17:24:17.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openwrt",
"vendor": "openwrt",
"versions": [
{
"status": "affected",
"version": "\u003c 24.10.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting xrx200, danube and amazon SoCs from Lantiq/Intel/MaxLinear with the DSL in PTM mode. The DSL driver for the VRX518 is not affected. ATM mode is also not affected. Most VDSL lines use PTM mode and most ADSL lines use ATM mode. OpenWrt is normally running as a single user system, but some services are sandboxed. This vulnerability could allow attackers to escape a ujail sandbox or other contains. This is fixed in OpenWrt 24.10.4. There are no workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T14:59:15.265Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openwrt/openwrt/security/advisories/GHSA-h427-frpr-7cqr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openwrt/openwrt/security/advisories/GHSA-h427-frpr-7cqr"
},
{
"name": "https://github.com/openwrt/openwrt/commit/2a76abc5442e3f74d95b4caa9bb57e5488fc132e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openwrt/openwrt/commit/2a76abc5442e3f74d95b4caa9bb57e5488fc132e"
},
{
"name": "https://github.com/openwrt/openwrt/commit/e001b31163a77683ee741d169f794cfa50926f37",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openwrt/openwrt/commit/e001b31163a77683ee741d169f794cfa50926f37"
},
{
"name": "https://openwrt.org/advisory/2025-10-22-2",
"tags": [
"x_refsource_MISC"
],
"url": "https://openwrt.org/advisory/2025-10-22-2"
}
],
"source": {
"advisory": "GHSA-h427-frpr-7cqr",
"discovery": "UNKNOWN"
},
"title": "OpenWrt vulnerable to local privilage escalation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62525",
"datePublished": "2025-10-22T14:59:15.265Z",
"dateReserved": "2025-10-15T15:03:28.135Z",
"dateUpdated": "2025-10-22T17:24:17.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54143 (GCVE-0-2024-54143)
Vulnerability from cvelistv5 – Published: 2024-12-06 16:14 – Updated: 2024-12-06 20:54
VLAI?
Title
openwrt/asu allows build artifact poisoning via truncated SHA-256 hash and command injection
Summary
openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious image can be served in place of a legitimate one, allowing the attacker to "poison" the artifact cache and deliver compromised images to unsuspecting users. This can be combined with other attacks, such as a command injection in Imagebuilder that allows malicious users to inject arbitrary commands into the build process, resulting in the production of malicious firmware images signed with the legitimate build key. This has been patched with 920c8a1.
Severity ?
CWE
- CWE-328 - Use of Weak Hash
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:openwrt:asu:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asu",
"vendor": "openwrt",
"versions": [
{
"lessThan": "920c8a1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T20:48:08.956659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T20:54:32.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "asu",
"vendor": "openwrt",
"versions": [
{
"status": "affected",
"version": "\u003c 920c8a1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious image can be served in place of a legitimate one, allowing the attacker to \"poison\" the artifact cache and deliver compromised images to unsuspecting users. This can be combined with other attacks, such as a command injection in Imagebuilder that allows malicious users to inject arbitrary commands into the build process, resulting in the production of malicious firmware images signed with the legitimate build key. This has been patched with 920c8a1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "CWE-328: Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T16:14:39.169Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openwrt/asu/security/advisories/GHSA-r3gq-96h6-3v7q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openwrt/asu/security/advisories/GHSA-r3gq-96h6-3v7q"
},
{
"name": "https://github.com/openwrt/asu/commit/920c8a13d97b4d4095f0d939cf0aaae777e0f87e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openwrt/asu/commit/920c8a13d97b4d4095f0d939cf0aaae777e0f87e"
}
],
"source": {
"advisory": "GHSA-r3gq-96h6-3v7q",
"discovery": "UNKNOWN"
},
"title": "openwrt/asu allows build artifact poisoning via truncated SHA-256 hash and command injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-54143",
"datePublished": "2024-12-06T16:14:39.169Z",
"dateReserved": "2024-11-29T18:02:16.755Z",
"dateUpdated": "2024-12-06T20:54:32.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5102 (GCVE-0-2019-5102)
Vulnerability from cvelistv5 – Published: 2019-11-18 17:59 – Updated: 2024-08-04 19:47
VLAI?
Summary
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.
Severity ?
4 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
Credits
Discovered by Claudio Bozzato of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenWRT",
"vendor": "OpenWRT",
"versions": [
{
"status": "affected",
"version": "OpenWrt 15.05.1, via wget (busybox)"
},
{
"status": "affected",
"version": "OpenWrt 18.06.4, via wget (uclient-fetch)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Claudio Bozzato of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server\u0027s SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server\u0027s SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T17:51:22.497Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5102",
"datePublished": "2019-11-18T17:59:30.000Z",
"dateReserved": "2019-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:47:56.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5101 (GCVE-0-2019-5101)
Vulnerability from cvelistv5 – Published: 2019-11-18 17:59 – Updated: 2024-08-04 19:47
VLAI?
Summary
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. After an SSL connection is initialized via _ustream_ssl_init, and after any data (e.g. the client's HTTP request) is written to the stream using ustream_printf, the code eventually enters the function _ustream_ssl_poll, which is used to dispatch the read/write events
Severity ?
4 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
Credits
Discovered by Claudio Bozzato of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:55.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenWRT",
"vendor": "OpenWRT",
"versions": [
{
"status": "affected",
"version": "OpenWrt 15.05.1, via wget (busybox)"
},
{
"status": "affected",
"version": "OpenWrt 18.06.4, via wget (uclient-fetch)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Claudio Bozzato of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server\u0027s SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server\u0027s SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. After an SSL connection is initialized via _ustream_ssl_init, and after any data (e.g. the client\u0027s HTTP request) is written to the stream using ustream_printf, the code eventually enters the function _ustream_ssl_poll, which is used to dispatch the read/write events"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T17:51:22.359Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5101",
"datePublished": "2019-11-18T17:59:12.000Z",
"dateReserved": "2019-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:47:55.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}