CVE-2020-10060— UpdateHub Might Dereference An Uninitialized Pointer
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-10060
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
UpdateHub Might Dereference An Uninitialized Pointer
Source: NVD (National Vulnerability Database)
Vulnerability Description
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Zephyr 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Zephyr是美国Linux基金会的一套开源的小型的可缩放的实时操作系统。 Zephyr 2.1.0及之后版本和2.2.0及之后版本中的updatehub_probe中存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| zephyrproject-rtos | zephyr | 2.1.0 ~ unspecified | - |
II. Public POCs for CVE-2020-10060
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-10060
请登录查看更多情报信息。
- https://github.com/zephyrproject-rtos/zephyr/pull/27891x_refsource_CONFIRM
- https://github.com/zephyrproject-rtos/zephyr/pull/27893x_refsource_CONFIRM
- https://github.com/zephyrproject-rtos/zephyr/pull/27889x_refsource_CONFIRM
- https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37x_refsource_MISC
- https://github.com/zephyrproject-rtos/zephyr/pull/27865x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2020-10060
Same Patch Batch · zephyrproject-rtos · 2020-05-11 · 11 CVEs total
| CVE-2020-10022 | 9.0 CRITICAL | UpdateHub Module Copies a Variable-Size Hash String Into a Fixed-Size Array |
| CVE-2020-10019 | 8.1 HIGH | Buffer Overflow in USB DFU requested length |
| CVE-2020-10021 | 8.1 HIGH | Out-of-bounds write in USB Mass Storage with unaligned sizes |
| CVE-2020-10024 | 7.8 HIGH | ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers |
| CVE-2020-10027 | 7.8 HIGH | ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers |
| CVE-2020-10028 | 7.8 HIGH | Multiple Syscalls In GPIO Subsystem Performs No Argument Validation |
| CVE-2020-10058 | 7.8 HIGH | Multiple Syscalls In kscan Subsystem Performs No Argument Validation |
| CVE-2020-10067 | 7.5 HIGH | Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory |
| CVE-2020-10023 | 6.9 MEDIUM | Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim |
| CVE-2020-10059 | 4.8 MEDIUM | UpdateHub Module Explicitly Disables TLS Verification |
IV. Related Vulnerabilities
Same product: zephyr
- CVE-2026-1677
net: TLS 1.2 connections allowed on TLS 1.3 sockets - CVE-2026-5590
net: ip/tcp: Null pointer dereference can be triggered by a - CVE-2026-1679
net: eswifi socket send payload length not bounded - CVE-2026-4179
stm32: usb: Infinite while loop in Interrupt Handler - CVE-2026-0849
crypto: ATAES132A response length allows stack buffer overfl
Same vendor: zephyrproject-rtos
- CVE-2026-1677
net: TLS 1.2 connections allowed on TLS 1.3 sockets - CVE-2026-5590
net: ip/tcp: Null pointer dereference can be triggered by a - CVE-2026-1679
net: eswifi socket send payload length not bounded - CVE-2026-4179
stm32: usb: Infinite while loop in Interrupt Handler - CVE-2026-0849
crypto: ATAES132A response length allows stack buffer overfl
Same weakness: CWE-119
- CVE-2026-22167
GPU DDK - Cache resident PM buffers writable by other GPU re - CVE-2026-27890
Firebird has Pre-Auth DOS when Processing Out of Order CNCT_ - CVE-2026-34864
Huawei HarmonyOS 安全漏洞 - CVE-2026-4149
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code - CVE-2026-34988
Wasmtime leaks data between pooling allocator instances
V. Comments for CVE-2020-10060
No comments yet