Monthly report on robot cybersecurity vulnerabilities - April 2020

This is the first entry (hopefully of a monthly series) that summarizes the cybersecurity flaws affecting robots and reported during April 2020.

A total of 67 robot cybersecurity flaws were reported in April 2020 according to the Robot Vulnerability Database (RVD) and other sources reviewed. All of them are vulnerabilities that apply to, and have been confirmed on, the Universal Robots UR3, UR5 and UR10. From the outlook, these flaws might also apply to the eUR3, eUR5, eUR10 and eUR16 robots.

ID Type Title
RVD#1496 vulnerability RVD#1496: The function read_data() in security.c in curl is vulnerable to memory double free.
RVD#1495 vulnerability RVD#1495: Universal Robots URCaps execute with unbounded privileges
RVD#1494 vulnerability RVD#1494: Not sanitizing filenames in the add_match function in libbb/lineedit.c in BusyBox through 1.27.2 when tab autocompleting filenames
RVD#1493 vulnerability RVD#1493: CRLF injection vulnerability in Python before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers
RVD#1492 vulnerability RVD#1492: Improper Handling of Unicode Encoding during NFKC normalization in Python 2.7.x through 2.7.16 and 3.x through 3.7.2
RVD#1491 vulnerability RVD#1491: Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) via a long name.
RVD#1490 vulnerability RVD#1490: procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption which could result in crashes or arbitrary code execution
RVD#1489 vulnerability RVD#1489: Unprotected intellectual property in Universal Robots controller CB 3.1 across firmware versions
RVD#1488 vulnerability RVD#1488: The expansion of '\h' in the prompt string in bash 4.3 allows arbitrary code execution.
RVD#1487 vulnerability RVD#1487: No integrity checks on UR+ platform artifacts when installed in the robot
RVD#1485 vulnerability RVD#1485: A race condition in util-linux before 2.32.1 in su could be used to kill other processes with root privileges
RVD#1484 vulnerability RVD#1484: Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free.
RVD#1483 vulnerability RVD#1483: The smtplib library in Python 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails
RVD#1482 vulnerability RVD#1482: The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules
RVD#1480 vulnerability RVD#1480: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6.
RVD#1479 vulnerability RVD#1479: Python's elementtree C accelerator failed to initialize Expat's hash salt during initialization.
RVD#1478 vulnerability RVD#1478: Sqlite3 3.26.0 vulnerability exists in the window function potentially resulting in remote code execution.
RVD#1477 vulnerability RVD#1477: The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable
RVD#1476 vulnerability RVD#1476: CPython up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c
RVD#1475 vulnerability RVD#1475: Modules/_pickle.c in Python before 3.7.1 has an integer overflow that might cause memory exhaustion.
RVD#1474 vulnerability RVD#1474: Python version 2.7 contains a vulnerability in shutil module that can result in DoS and Information gain via injection of arbitrary files on the system or entire drive.
RVD#1473 vulnerability RVD#1473: GNU wget before 1.18 allows remote servers to write to arbitrary files
RVD#1472 vulnerability RVD#1472: CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython before 2.7.10 and 3.x before 3.4.4
RVD#1471 vulnerability RVD#1471: libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024
RVD#1470 vulnerability RVD#1470: vim before patch 8.0.0056 does not properly validate values for 'filetype', 'syntax' and 'keymap' options
RVD#1469 vulnerability RVD#1469: The email module in Various Versions of Python 2 and 3 wrongly parses email addresses that contain multiple @ characters.
RVD#1468 vulnerability RVD#1468: http.cookiejar.DefaultPolicy.domain_return_ok in Python before 3.7.3 can be tricked into sending existing cookies to the wrong server.
RVD#1467 vulnerability RVD#1467: Some Python versions (2.7/3.7) are vulnerable to DoS via catastrophic backtracking
RVD#1466 vulnerability RVD#1466: glibc allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack
RVD#1465 vulnerability RVD#1465: getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands
RVD#1464 vulnerability RVD#1464: CRLF injection is possible due to an issue discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3.
RVD#1463 vulnerability RVD#1463: The OpenSSL RSA Key generation algorithm is vulnerable to a cache timing side channel attack
RVD#1462 vulnerability RVD#1462: The shared memory manager in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers
RVD#1461 vulnerability RVD#1461: Integer overflow in the strxfrm function in the GNU C Library before 2.21 allows to cause a DoS
RVD#1460 vulnerability RVD#1460: Untrusted search path vulnerability in ssh-agent.c in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules
RVD#1459 vulnerability RVD#1459: Use-after-free vulnerability in bzip2 1.0.6 allows remote attackers to cause a DoS
RVD#1458 vulnerability RVD#1458: idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information
RVD#1457 vulnerability RVD#1457: An invalid memory address dereference in elfutils through v0.174 allows attackers to cause a DoS
RVD#1456 vulnerability RVD#1456: Stack-based buffer overflow in the getaddrinfo function in getaddrinfo.c in glibc allows a DoS attack
RVD#1455 vulnerability RVD#1455: A buffer overflow in glibc 2.5 which can be triggered through the LD_LIBRARY_PATH environment variable
RVD#1454 vulnerability RVD#1454: Double free vulnerability in JasPer 1.900.17 allows remote attackers to cause a DoS
RVD#1453 vulnerability RVD#1453: Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free
RVD#1452 vulnerability RVD#1452: Memory leak in the __res_vinit function in the IPv6 name server code in libresolv in glibc before 2.24 causes a DoS
RVD#1451 vulnerability RVD#1451: There is an overflow bug in the AVX2 Montgomery multiplication procedure
RVD#1450 vulnerability RVD#1450: Integer overflow in the GNU C Library before 2.22 allows context-dependent attackers to cause a DoS
RVD#1449 vulnerability RVD#1449: OoB Write will cause Mozilla Network Security Services to crash on various iterations from 3.21.4 to 3.30.1
RVD#1448 vulnerability RVD#1448: The glob function in glob.c in the GNU C Library contains a buffer overflow unescaping names with ~ operator.
RVD#1447 vulnerability RVD#1447: Carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c
RVD#1446 vulnerability RVD#1446: A heap buffer overflow in the TFTP receiving code allows for DoS
RVD#1442 vulnerability RVD#1442: libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows
RVD#1441 vulnerability RVD#1441: Directory traversal vulnerability in the safer_name_suffix function in GNU tar
RVD#1440 vulnerability RVD#1440: A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801
RVD#1439 vulnerability RVD#1439: The fnmatch function in the GNU C Library (aka glibc or libc6) DoS via a malformed pattern
RVD#1438 vulnerability RVD#1438: The check_symtab_shndx function in elfutils 0.168 allows remote attackers to cause a DoS.
RVD#1437 vulnerability RVD#1437: The allocate_elf function in elfutils before 0.168 allows remote attackers to cause a DoS.
RVD#1436 vulnerability RVD#1436: A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2
RVD#1435 vulnerability RVD#1435: elflint.c in elfutils 0.168 does not validate the number of sections nor segments allowing a DoS Attack
RVD#1434 vulnerability RVD#1434: A remote code execution vulnerability in libxml2 could allow execution of arbitrary code.
RVD#1433 vulnerability RVD#1433: The http.c skip_short_body() function is called in some circumstances.
RVD#1432 vulnerability RVD#1432: The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer
RVD#1431 vulnerability RVD#1431: libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack
RVD#1430 vulnerability RVD#1430: Crafted file can lead to a DoS due to a memory allocation failure in elfutils
RVD#1429 vulnerability RVD#1429: Null pointer dereference vulnerability causes TLS/SSL server using NSS to crash.
RVD#1428 vulnerability RVD#1428: The FTP wildcard function in curl and libcurl before 7.57.0 allows DoS
RVD#1427 vulnerability RVD#1427: The malloc function in the GNU C Library 2.2 could lead to a heap overflow
RVD#1426 vulnerability RVD#1426: A truncated packet can cause that SSL/TLS server or client to perform an out-of-bounds read.
RVD#1425 vulnerability RVD#1425: It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete