Lucene search

[email protected]CVE-2023-35849

HistoryJun 19, 2023 - 3:15 a.m.

CVE-2023-35849

2023-06-1903:15:09

CWE-754

[email protected]

web.nvd.nist.gov

102

cve-2023-35849

virtualsquare

picotcp

picotcp-ng

security

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

43.3%

JSON

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.

Affected configurations

NVD

Node

virtualsquarepicotcpRange≤2.1

CPENameOperatorVersion
virtualsquare:picotcpvirtualsquare picotcple2.1

CPE	Name	Operator	Version
virtualsquare:picotcp	virtualsquare picotcp	le	2.1

References

github.com/virtualsquare/picotcp/commit/4b9a16764f2b12b611de9c34a50b4713d10ca401

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

43.3%

JSON

Related for CVE-2023-35849

nvd1 prion1 cvelist1 osv1