CVE-2019-5039

Summary

An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
n/aNest LabsNest Labs Openweave-core 4.0.2affected

Weaknesses

  • CWE-122: CWE-122: Heap-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References