Lucene search

GoogleOSV:CVE-2023-35849

HistoryJun 19, 2023 - 3:15 a.m.

CVE-2023-35849

2023-06-1903:15:09

Google

osv.dev

virtualsquare

picotcp-ng

header vulnerability

data access

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.4%

JSON

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.

CPENameOperatorVersion
picotcpeqV1.0
picotcpeq1.2.1
picotcpeq1.5.1
picotcpeq1.2.3
picotcpeq1.6.1
picotcpeq1.2.2
picotcpeqsprint3
picotcpeqsprint1
picotcpeqV1.2.4
picotcpeq1.4.0

Name	Operator	Version
picotcp	eq	V1.0
picotcp	eq	1.2.1
picotcp	eq	1.5.1
picotcp	eq	1.2.3
picotcp	eq	1.6.1
picotcp	eq	1.2.2
picotcp	eq	sprint3
picotcp	eq	sprint1
picotcp	eq	V1.2.4
picotcp	eq	1.4.0

Rows per page:

1-10 of 271

References

github.com/virtualsquare/picotcp/commit/4b9a16764f2b12b611de9c34a50b4713d10ca401

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.4%

JSON

Related for OSV:CVE-2023-35849