CVE-2019-19945

HIGH LAB

Openwrt < 18.06.5 - Out-of-Bounds Access

Title source: rule

Description

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value.

Exploits (1)

nomisec WORKING POC

by delicateByte · poc

https://github.com/delicateByte/CVE-2019-19945_Test

View Code ZIP pw:eip

References (2)

[Patch, Third Party Advisory] https://github.com/openwrt/openwrt/commits/master

[Vendor Advisory] https://openwrt.org/advisory/2020-01-13-1

Scores

CVSS v3 7.5

EPSS 0.0112

EPSS Percentile 78.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull archlinux:latest

https://github.com/delicateByte/CVE-2019-19945_Test

View in Library

Details

CWE

CWE-681 CWE-125

Status published

Products (2)

openwrt/openwrt 19.07.0 (3 CPE variants)

openwrt/openwrt 18.06.0 - 18.06.5

Published Mar 16, 2020

Tracked Since Feb 18, 2026