Vulnerabilities > CVE-2019-5039 - Out-of-bounds Write vulnerability in Openweave Openweave-Core 4.0.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Talos
id | TALOS-2019-0802 |
last seen | 2019-08-31 |
published | 2019-08-19 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0802 |
title | Nest Labs Openweave Weave ASN1Writer PutValue Code Execution Vulnerability |