Homepage

asu@0.7.20 vulnerabilities

An image on demand server for OpenWrt based distributions

  • latest version

    0.7.20

  • first published

    5 years ago

  • latest version published

    1 years ago

  • licenses detected

  • View asu package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the asu package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Use of Weak Hash

    asu is an An image on demand server for OpenWrt based distributions

    Affected versions of this package are vulnerable to Use of Weak Hash which allows the ASU server to be polluted with malicious firmware images. Due to the low entropy employed when only 12 characters are used from the SHA-256 hash, an attacker can force a collision and pollute the artifact cache with a previously built image, which will then be served to users. Further, the malicious images can be signed with the legitimate build key because the attacker can inject arbitrary build commands into the makefile in use.

    How to fix Use of Weak Hash?

    A fix was pushed into the master branch but not yet published.

    [0,)
    Go back to all versions of this package