CVE-2019-5039
HIGH EXPLOITED IN THE WILD RANSOMWAREOpenweave-core <4.0.2 - Command Injection
Title source: llmExploitation Summary
CVE-2019-5039 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns.
Description
An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0802
Scores
CVSS v3
8.8
EPSS
0.0162
EPSS Percentile
73.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2022-01-26
InTheWild.io
2022-02-01
Ransomware Use
Confirmed
CWE
CWE-122
CWE-787
Status
published
Products (1)
openweave/openweave-core
4.0.2
Published
Aug 20, 2019
Tracked Since
Feb 18, 2026