Lucene search

[email protected]CVE-2020-24337

HistoryDec 11, 2020 - 11:15 p.m.

CVE-2020-24337

2020-12-1123:15:00

CWE-835

[email protected]

web.nvd.nist.gov

cve-2020-24337

picotcp

picotcp-ng

denial-of-service

tcp option

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

9.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

39.5%

JSON

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp.c.

CPENameOperatorVersion
altran:picotcpaltran picotcple1.7.0
altran:picotcp-ngaltran picotcp-ngle1.7.0

CPE	Name	Operator	Version
altran:picotcp	altran picotcp	le	1.7.0
altran:picotcp-ng	altran picotcp-ng	le	1.7.0

References

us-cert.cisa.gov/ics/advisories/icsa-20-343-01

www.kb.cert.org/vuls/id/815128

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

9.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

39.5%

JSON

Related for CVE-2020-24337

prion1 osv1 cert1 ics1