Lucene search

[email protected]CVE-2020-24341

HistoryDec 11, 2020 - 11:15 p.m.

CVE-2020-24341

2020-12-1123:15:00

CWE-125

[email protected]

web.nvd.nist.gov

cve-2020-24341

picotcp

picotcp-ng

tcp

out-of-bounds read

dos

info leak

vulnerability

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.1 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

58.9%

JSON

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually causing Denial-of-Service or an information leak.

CPENameOperatorVersion
altran:picotcpaltran picotcple1.7.0
altran:picotcp-ngaltran picotcp-ngle1.7.0

CPE	Name	Operator	Version
altran:picotcp	altran picotcp	le	1.7.0
altran:picotcp-ng	altran picotcp-ng	le	1.7.0

References

us-cert.cisa.gov/ics/advisories/icsa-20-343-01

www.kb.cert.org/vuls/id/815128

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.1 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for CVE-2020-24341

prion1 osv1 ics1 cert1