CVE-2017-16273

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_ml, at 0x9d016fa8, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.
References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483 Technical Description Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483 Technical Description Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*
cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:16

Type Values Removed Values Added
Summary
  • (es) Existen múltiples vulnerabilidades de desbordamiento de búfer explotables en el controlador de mensajes PubNub para el canal "cc" de Insteon Hub que ejecuta la versión de firmware 1012. Los comandos especialmente manipulados enviados a través del servicio PubNub pueden provocar un desbordamiento de búfer en la región stack de la memoria que sobrescriba datos arbitrarios. Un atacante debería enviar una solicitud HTTP autenticada para activar esta vulnerabilidad. En cmd e_ml, en 0x9d016fa8, el valor de la clave `grp` se copia usando `strcpy` al búfer en `$sp+0x1b4`. Este búfer tiene 8 bytes de tamaño, enviar algo más largo provocará un desbordamiento del búfer.
References () https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483 - Technical Description, Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483 - Technical Description, Third Party Advisory

Information

Published : 2023-01-11 22:15

Updated : 2024-11-21 03:16


NVD link : CVE-2017-16273

Mitre link : CVE-2017-16273

CVE.ORG link : CVE-2017-16273


JSON object : View

Products Affected

insteon

  • hub_firmware
  • hub
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write