This issue could be exploited by sending a specially crafted request to the affected device. This issue was addressed by updating libotfcc to version 4.0.

An attacker could request an OTFC file from a user, and if the user had the ability to create or upload files, they could request a file that runs remote code and could crash the device.

CVE-2019-19403: An issue was discovered in the Open Trust Firmware (OTF) CC library. The libotfcc component of the OTF software platform could allow remote attackers to cause a denial of service (crash) or possibly have other unspecified impact via a crafted CC file. This vulnerability affects users running firmware before OTFC version 4.0. This issue was addressed by updating to version 4.0.

An attacker could request an OTFC file from a user, and if the user had the ability to create or upload files, they could request a file that runs remote code and could crash the device.

CVE-2019-19404: An issue was discovered in the Open Trust Firmware (OTF) CC library. The libotfcc component of the OTF software platform could allow remote attackers to cause a denial of service (crash) or possibly have other unspecified impact via a crafted CC file. This vulnerability affects users running firmware before OTFC version 4.0. This issue was addressed by updating to version 4.0.

How to upgrade to a non-Beta firmware version

Step 1: Ensure your device is on firmware version 4.0 or higher
Step 2: Download the latest OTFC file from our downloads page (https://www.opensource-firmware.com/downloads/)
Step 3: Save the file to a folder on your local drive
Step 4: Copy the downloaded OTFC file to the directory /system/bin on your device

Timeline

Published on: 09/22/2022 17:15:00 UTC
Last modified on: 09/23/2022 03:01:00 UTC

References