CVE-2019-5040

Published: Aug 20, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. A specially crafted weave packet can cause an integer overflow to occur, resulting in PacketBuffer data reuse. An attacker can send a packet to trigger this vulnerability.

Affected (2)

Products: Openweave: Openweave Core · Google: Nest Cam Iq Indoor Firmware

1 product

1 product

Nest Cam Iq Indoor Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openweave Openweave Core	Version 4.0.2

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Nest Cam Iq Indoor Firmware	Version 4620002

Running on/with	Platform Versions
Google Nest Cam Iq Indoor	All versions

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0803

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0803

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.