CVE-2019-5039

Publication date

2019-08-20 20:39:41

Family

talos

State

PUBLISHED

Description

An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability.