Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
Next revisionBoth sides next revision
advisory:2020-05-06-2 [2020/05/06 09:33] – created ldiradvisory:2020-05-06-2 [2020/05/06 15:24] – created ldir
Line 1: Line 1:
-Placeholder 2 - Not sure I do get this yet.+====== Security Advisory 2020-05-06-2 - relayd out-of-bounds reads of heap data and possible buffer overflow (CVE-2020-11752) ====== 
 + 
 +==== DESCRIPTION ==== 
 + 
 +relayd in OpenWrt through 19.07.2 has potential for out-of-bounds reads of heap data and possible buffer overflow.  We have not been made aware of any exploits at this time, however users are advised to update the relayd package to relayd_2020-04-25-f4d759be-1 or later. 
 + 
 + 
 +[[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11752|CVE-2020-11752]] has been assigned to this issue. 
 +==== REQUIREMENTS ==== 
 + 
 +In order to exploit this vulnerability, a malicious attacker would need to 
 +provide specially crafted relayd packet. 
 +==== MITIGATIONS ==== 
 + 
 +To fix this issue, update the affected relayd package using the command below. 
 + 
 +   opkg update; opkg upgrade relayd 
 + 
 +The fix is contained in the following and later versions: 
 + 
 +TBA:  Placeholder only 
 + 
 +  * OpenWrt master: 2020-05-?? [[https://git.openwrt.org/215598fd0389|reboot-12255-g215598fd0389]] 
 +  * OpenWrt 19.07:  2020-05-?? [[https://git.openwrt.org/6b7eeb74dbf8|v19.07.3-17-g6b7eeb74dbf8]] 
 +  * OpenWrt 18.06:  2020-05-?? [[https://git.openwrt.org/cc78f934a946|v18.06.9-6-gcc78f934a946]] 
 + 
 +==== AFFECTED VERSIONS ==== 
 + 
 +To our knowledge, OpenWrt versions 18.06.0 to 18.06.7 and versions 19.07.0 to 
 +19.07.2 are affected.  The fixed packages will be integrated in the upcoming 
 +OpenWrt 18.06.9 and OpenWrt 19.07.3 releases.  Older versions of OpenWrt (e.g. 
 +OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more. 
 + 
 +==== CREDITS ==== 
 + 
 +This issue was identified by Guido Vranken using ForAllSecure Mayhem and code fix 
 +was implemented by Kevin Darbyshire-Bryant with assistance from Guido Vranken.
  
-a 
  • Last modified: 2020/05/19 10:44
  • by zorun