Webroot BrightCloud SDK HTTP headers-parsing code execution vulnerability – 17th Dec 2018

Preface: Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals in a connected world.

Technical background: The Webroot BrightCloud® Mobile Security SDK addresses mobile device vulnerabilities by enabling mobile management partners to offer enhanced security.

Vulnerability found on 17th Dec 2018:
CUJO Smart Firewall (ver 7003) provides a service that keeps home users' IoT devices from potentially connecting to malicious websites. A library file (webroot.so) provided by the Webroot SDK contains a vulnerability: a heap-based buffer overflow. Under normal circumstances, CUJO accesses the BrightCloud API through bcap15.brightcloud.com over a plain HTTP connection. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An attacker could impersonate a remote BrightCloud server to trigger this vulnerability.
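
The class of bug described above is avoided by checking a header line's length before copying it. The following is an added example, not code from webroot.so or the BrightCloud SDK (the internals of bc_http_read_header are not shown on this page); HDR_MAX, read_header_line, count_headers and count_overlong_sample are hypothetical names, and the 64-byte cap is an assumption.

```c
#include <stddef.h>
#include <string.h>

#define HDR_MAX 64  /* assumed per-line cap for this example, not an SDK value */
enum { HDR_OK = 0, HDR_END = 1, HDR_INCOMPLETE = -1, HDR_TOO_LONG = -2 };

/* Copy one CRLF-terminated line from in[0..in_len) into out (out_cap bytes,
 * NUL included). The length is checked before any byte is written to out. */
int read_header_line(const char *in, size_t in_len,
                     char *out, size_t out_cap, size_t *consumed)
{
    *consumed = 0;
    if (out_cap == 0) return HDR_TOO_LONG;
    for (size_t i = 0; i + 1 < in_len; i++) {
        if (in[i] == '\r' && in[i + 1] == '\n') {
            memcpy(out, in, i);              /* i < out_cap holds here */
            out[i] = '\0';
            *consumed = i + 2;               /* line plus its CRLF */
            return i == 0 ? HDR_END : HDR_OK;
        }
        if (i + 1 >= out_cap) return HDR_TOO_LONG;  /* line cannot fit */
    }
    return HDR_INCOMPLETE;                   /* no CRLF yet, still within cap */
}

/* Walk a header block; return the number of lines before the blank line, or
 * a negative HDR_* code. Callers should drop the connection on HDR_TOO_LONG. */
int count_headers(const char *resp, size_t len)
{
    char line[HDR_MAX];
    size_t off = 0, used;
    int n = 0;
    for (;;) {
        int st = read_header_line(resp + off, len - off, line, sizeof line, &used);
        if (st < 0) return st;
        off += used;
        if (st == HDR_END) return n;
        n++;
    }
}

/* Constructed input: one header line of 4 * HDR_MAX bytes, then CRLF CRLF. */
int count_overlong_sample(void)
{
    char buf[4 * HDR_MAX + 4];
    memset(buf, 'A', 4 * HDR_MAX);
    memcpy(buf + 4 * HDR_MAX, "\r\n\r\n", 4);
    return count_headers(buf, sizeof buf);
}
```

An overlong line is rejected with HDR_TOO_LONG rather than truncated, so a response that exceeds the cap never reaches the copy.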

Reference: BrightCloud – about enquiry