Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. The `strcpy` at [18] overflows the buffer `insteon_pubnub.channel_al`, which has a size of 16 bytes.

Related CVEs

CVE-2017-14454

Key Information

GHSA ID

GHSA-rhm6-355p-2674

Published

January 12, 2023 12:30 AM

Last Modified

January 20, 2023 9:30 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 4, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.