Lucene search

[email protected]NVD:CVE-2020-13987

HistoryDec 11, 2020 - 10:15 p.m.

CVE-2020-13987

2020-12-1122:15:12

CWE-125

[email protected]

web.nvd.nist.gov

cve-2020-13987

contiki

out-of-bounds read

uip tcp/ip stack

ip packets

checksums

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

50.2%

JSON

An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.

Affected configurations

Nvd

Node

contiki-oscontikiRange≤3.0

AND

uip_projectuipRange≤1.0

Node

open-iscsi_projectopen-iscsiRange≤2.1.12

Node

siemenssentron_3va_com100Match-

AND

siemenssentron_3va_com100_firmwareRange<4.4.1

Node

siemenssentron_3va_com800Match-

AND

siemenssentron_3va_com800_firmwareRange<4.4.1

Node

siemenssentron_pac3200Match-

AND

siemenssentron_pac3200_firmwareRange<2.4.7

Node

siemenssentron_pac4200Match-

AND

siemenssentron_pac4200_firmwareRange<2.3.0

VendorProductVersionCPE
contiki-oscontiki*cpe:2.3:o:contiki-os:contiki:*:*:*:*:*:*:*:*
uip_projectuip*cpe:2.3:a:uip_project:uip:*:*:*:*:*:*:*:*
open-iscsi_projectopen-iscsi*cpe:2.3:a:open-iscsi_project:open-iscsi:*:*:*:*:*:*:*:*
siemenssentron_3va_com100-cpe:2.3:h:siemens:sentron_3va_com100:-:*:*:*:*:*:*:*
siemenssentron_3va_com100_firmware*cpe:2.3:o:siemens:sentron_3va_com100_firmware:*:*:*:*:*:*:*:*
siemenssentron_3va_com800-cpe:2.3:h:siemens:sentron_3va_com800:-:*:*:*:*:*:*:*
siemenssentron_3va_com800_firmware*cpe:2.3:o:siemens:sentron_3va_com800_firmware:*:*:*:*:*:*:*:*
siemenssentron_pac3200-cpe:2.3:h:siemens:sentron_pac3200:-:*:*:*:*:*:*:*
siemenssentron_pac3200_firmware*cpe:2.3:o:siemens:sentron_pac3200_firmware:*:*:*:*:*:*:*:*
siemenssentron_pac4200-cpe:2.3:h:siemens:sentron_pac4200:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
contiki-os	contiki	*	cpe:2.3:o:contiki-os:contiki::::::::
uip_project	uip	*	cpe:2.3:a:uip_project:uip::::::::
open-iscsi_project	open-iscsi	*	cpe:2.3:a:open-iscsi_project:open-iscsi::::::::
siemens	sentron_3va_com100	-	cpe:2.3:h:siemens:sentron_3va_com100:-:::::::*
siemens	sentron_3va_com100_firmware	*	cpe:2.3:o:siemens:sentron_3va_com100_firmware::::::::
siemens	sentron_3va_com800	-	cpe:2.3:h:siemens:sentron_3va_com800:-:::::::*
siemens	sentron_3va_com800_firmware	*	cpe:2.3:o:siemens:sentron_3va_com800_firmware::::::::
siemens	sentron_pac3200	-	cpe:2.3:h:siemens:sentron_pac3200:-:::::::*
siemens	sentron_pac3200_firmware	*	cpe:2.3:o:siemens:sentron_pac3200_firmware::::::::
siemens	sentron_pac4200	-	cpe:2.3:h:siemens:sentron_pac4200:-:::::::*