{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T11:49:51.180","vulnerabilities":[{"cve":{"id":"CVE-2020-4060","sourceIdentifier":"security-advisories@github.com","published":"2020-06-22T16:15:11.557","lastModified":"2024-11-21T05:32:14.290","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message (https://doc.sm.tc/station/cupsproto.html#http-post-response) where the signature length is larger than 2 GByte (never happens in practice), or the response is crafted specifically to trigger this issue (i.e. the length signature field indicates a value larger than (2**31)-1 although the signature actually does not contain that much data). In such a scenario, on 32 bit machines, Basic Station would execute a code path, where a piece of memory is accessed after it has been freed, causing the process to crash and restarted again. The CUPS transaction is typically mutually authenticated over TLS. Therefore, in order to trigger this vulnerability, the attacker would have to gain access to the CUPS server first. If the user chose to operate without authentication over TLS but yet is concerned about this vulnerability, one possible workaround is to enable TLS authentication. This has been fixed in 2.0.4."},{"lang":"es","value":"En LoRa Basics Station versiones anteriores a 2.0.4, se presenta una vulnerabilidad de Uso de la Memoria Previamente Liberada que conlleva a una corrupción de la memoria. Este error es desencadenado en máquinas de 32 bits cuando el servidor CUPS responde con un mensaje (https://doc.sm.tc/station/cupsproto.html#http-post-response) donde la longitud de la firma es mayor que 2 GByte (nunca sucede en la práctica), o la respuesta está diseñada específicamente para desencadenar este problema (es decir, el campo length signature indica un valor mayor que (2**31)-1 aunque la firma en realidad no contiene tantos datos). En tal escenario, en máquinas de 32 bits, Basic Station ejecutaría una ruta de código, donde se accede a una porción de memoria después de que ha sido liberada, lo que hace que el proceso se bloquee y se reinicie nuevamente. La transacción de CUPS generalmente se autentica mutuamente por medio de TLS. Por lo tanto, para desencadenar esta vulnerabilidad, el atacante primero tendría que conseguir acceso al servidor CUPS. Si el usuario elige operar sin autenticación por medio de TLS pero está preocupado por esta vulnerabilidad, una solución posible es habilitar la autenticación TLS. Esto se ha corregido en la versión 2.0.4"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:semtech:lora_basics_station:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.4","matchCriteriaId":"BF29D2B9-752D-41CA-BF80-3AFEC3095467"}]}]}],"references":[{"url":"https://github.com/lorabasics/basicstation/security/advisories/GHSA-v9ph-r496-4m2j","source":"security-advisories@github.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://github.com/lorabasics/basicstation/security/advisories/GHSA-v9ph-r496-4m2j","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]}]}}]}