CVE-2020-8916: Memory leak in wpanctl can lead to DoS
First published: Tue Jul 07 2020(Updated: )
A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to restrict access in your debug environments.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenThread | <=2020-05-28 |
Remedy
https://github.com/openthread/wpantund/pull/468/commits/0e5d1601febb869f583e944785e5685c6c747be7
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-8916?
CVE-2020-8916 has a severity that can lead to a denial of service (DoS) due to a memory leak.
How do I fix CVE-2020-8916?
To fix CVE-2020-8916, update wpantund to a version beyond the commit 0e5d1601febb869f583e944785e5685c6c747be7.
What software is affected by CVE-2020-8916?
CVE-2020-8916 affects all wpantund versions up to the commit dated 2020-05-28.
How can CVE-2020-8916 be exploited?
CVE-2020-8916 can be exploited in environments where wpanctl directly interfaces with the control driver, leading to a service crash.
Is CVE-2020-8916 related to OpenThread?
Yes, CVE-2020-8916 is directly related to the OpenThread implementation of wpantund.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/openthread
- canonical/openthread
- version/openthread/2020-05-28