Vulnerability Details CVE-2020-7248
libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/openwrt/openwrt/commits/master
- https://nvd.nist.gov/vuln/detail/CVE-2020-7248#range-4512438
- https://openwrt.org/advisory/2020-01-31-2
- https://openwrt.org/advisory/2020-01-31-2
- https://github.com/openwrt/openwrt/commits/master
- https://nvd.nist.gov/vuln/detail/CVE-2020-7248#range-4512438
- https://openwrt.org/advisory/2020-01-31-2
- https://openwrt.org/advisory/2020-01-31-2
Products affected by CVE-2020-7248
-
cpe:2.3:o:openwrt:openwrt:18.06.0
-
cpe:2.3:o:openwrt:openwrt:18.06.1
-
cpe:2.3:o:openwrt:openwrt:18.06.2
-
cpe:2.3:o:openwrt:openwrt:18.06.3
-
cpe:2.3:o:openwrt:openwrt:18.06.4
-
cpe:2.3:o:openwrt:openwrt:18.06.5
-
cpe:2.3:o:openwrt:openwrt:18.06.6
-
cpe:2.3:o:openwrt:openwrt:19.07.0