FNET software Security Feature Issue Vulnerability

FNET is a soft armor from the FNET organization that provides dual TCP / IPv4 and IPv6 stack support for 32-bit MCUs. A security signature issue vulnerability exists in the FNET software that allows an attacker to spoof or corrupt a TCP connection...

CVE-2020-24383

An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service...

CVE-2020-24383

An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service...

CVE-2020-17468

An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header in the IPv6 extension headers doesn't check for a valid length of an extension header, and therefore an out-of-bounds read can occur in fnetip6extheaderhandleroptions in fnetip6.c, leading to...

CVE-2020-17467

An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\0' termination. Therefore, the deduced length of the hostname doesn't reflect the correct length of the actual data. This may lead to Information Disclosure in fnetllmnrpo...

CVE-2020-17468

An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header in the IPv6 extension headers doesn't check for a valid length of an extension header, and therefore an out-of-bounds read can occur in fnetip6extheaderhandleroptions in fnetip6.c, leading to...

CVE-2020-17469

An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn't have a reference to the previous one which supposedly resides in the reassembly list. When faced with an incoming...

CVE-2020-17470

An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs they are always set to 1 in fnetdnspoll in fnetdns.c. This significantly simplifies DNS cache poisoning attacks...

CVE-2020-17469

An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn't have a reference to the previous one which supposedly resides in the reassembly list. When faced with an incoming...

CVE-2020-17470

An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs they are always set to 1 in fnetdnspoll in fnetdns.c. This significantly simplifies DNS cache poisoning attacks...

CVE-2020-17467

An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\0' termination. Therefore, the deduced length of the hostname doesn't reflect the correct length of the actual data. This may lead to Information Disclosure in fnetllmnrpo...

Information disclosure

An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\0' termination. Therefore, the deduced length of the hostname doesn't reflect the correct length of the actual data. This may lead to Information Disclosure in fnetllmnrpo...

Out-of-bounds

An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service...

Design/Logic Flaw

An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn't have a reference to the previous one which supposedly resides in the reassembly list. When faced with an incoming...

Code injection

An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs they are always set to 1 in fnetdnspoll in fnetdns.c. This significantly simplifies DNS cache poisoning attacks...

Design/Logic Flaw

An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header in the IPv6 extension headers doesn't check for a valid length of an extension header, and therefore an out-of-bounds read can occur in fnetip6extheaderhandleroptions in fnetip6.c, leading to...

CVE-2020-24383

CVE-2020-24383 concerns FNET up to version 4.6.4. The issue lies in mDNS resource-record name processing: missing termination checks can trigger an out-of-bounds read, risking information disclosure and potential DoS. Affected product family is FNET (and related stacks cited in AMNESIA:33). Publi...

CVE-2020-24383

An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service...

CVE-2020-17470

CVE-2020-17470 affects FNET (up to 4.6.4) where DNS client interface initialization leaves DNS transaction IDs non-random (always 1 in _fnet_dns_poll in fnet_dns.c), making DNS cache poisoning more feasible. The CVE is documented with a MEDIUM base score (~4.0–5.3 range in the CVSS vectors) and i...

CVE-2020-17470

An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs they are always set to 1 in fnetdnspoll in fnetdns.c. This significantly simplifies DNS cache poisoning attacks...