Lucene search

14 matches found

OSV
added 2026/06/11 6:54 p.m. · 7 views

USN-8423-1 lwip vulnerabilities

It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could possibly use this issue to trigger a buffer overflow, resulting in arbitrary code execution or a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8597) It was...

CVSS 10 · AI score 9.6 · EPSS 0.19431
Exploits 4 · References 5
EUVD
added 2026/06/10 12:26 a.m. · 8 views

EUVD-2026-35915

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parse_options in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

CVSS 6.5 · AI score 5.5 · EPSS 0.00246
Exploits 0 · References 7
RedhatCVE
added 2026/05/19 10:37 a.m. · 7 views

CVE-2026-8836

A flaw was found in lwIP. A remote attacker can exploit a stack-based buffer overflow vulnerability in the snmp_parse_inbound_frame function within the SNMPv3 User-based Security Model (USM) Handler. By manipulating specific authentication parameters, an attacker could potentially achieve arbitrary co...

CVSS 10 · AI score 6.3 · EPSS 0.00864
Exploits 1 · References 2
OSV
added 2026/05/18 7:16 p.m. · 3 views

UBUNTU-CVE-2026-8836

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

CVSS 9.8 · AI score 6.1 · EPSS 0.00864
Exploits 1 · References 9
Vulnrichment
added 2026/05/18 6:45 p.m. · 8 views

CVE-2026-8836 lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

CVSS 10 · AI score 7.7 · EPSS 0.00864
Exploits 1 · References 6
ATTACKERKB
added 2026/05/18 6:45 p.m. · 8 views

CVE-2026-8836

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

CVSS 10 · AI score 7.7 · EPSS 0.00864
Exploits 1 · References 7
CVE
added 2026/05/18 6:45 p.m. · 29 views

CVE-2026-8836

Summary: lwIP up to 2.2.1 contains a vulnerability in the SNMPv3 USM handler. The issue is in the function snmp_parse_inbound_frame (file: src/apps/snmp/snmp_msg.c) where manipulating msgAuthenticationParameters can cause a stack-based buffer overflow. The attack is potentially remote. A patch is...

CVSS 10 · AI score 7.7 · EPSS 0.00864
Exploits 1 · References 6
Positive Technologies
added 2026/05/18 12:00 a.m. · 8 views

PT-2026-41721

Name of the Vulnerable Software and Affected Versions: lwIP versions prior to 2.2.2 Description: A stack-based buffer overflow exists in the snmpv3 USM Handler component. A remote attacker can trigger this issue by manipulating the msgAuthenticationParameters argument within the snmp parse inbound...

CVSS 10 · AI score 7.7 · EPSS 0.00864
Exploits 1 · References 19
Positive Technologies
added 2025/01/03 12:00 a.m. · 6 views

PT-2025-2989 · Lwip · Lwip

Name of the Vulnerable Software and Affected Versions: lwip affected versions not specified Description: The issue is related to a possible out of bounds write due to an integer overflow in the prepare_response function of lwis_periodic_io.c. This could lead to local escalation of privilege with ...

CVSS 7.8 · AI score 6.9 · EPSS 0.0008
Exploits 0 · References 8
Sick AG
added 2024/11/07 12:00 p.m. · 8 views

Third party vulnerabilities in SICK CDE-100

The SICK CDE-100 uses the open-source libraries FreeRTOS, lwIP and MCU Boot. The used libraries contain vulnerabilities that affect the SICK CDE-100...

CVSS 9.8 · AI score 7.8 · EPSS 0.01382
Exploits 0
BDU FSTEC
added 2022/04/11 12:00 a.m. · 4 views

The vulnerability of the `icmp6_send_response_with_addrs_and_netif()` function in the implementation of the TCP/IP protocol lwIP allows an attacker to gain access to confidential data.

The vulnerability of the icmp6_send_response_with_addrs_and_netif function in the TCP/IP protocol implementation of the lwIP stack is related to the copying of buffers without checking the input data. Exploiting this vulnerability allows a remote attacker to gain access to confidential data through a...

CVSS 7.8 · AI score 7.2 · EPSS 0.01366
Exploits 0 · References 7 · Affected Software 2
OSV
added 2021/07/22 8:15 p.m. · 3 views

DEBIAN-CVE-2020-22284

A buffer overflow vulnerability in the zepif_linkoutput function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet...

CVSS 7.5 · AI score 7.6 · EPSS 0.01173
Exploits 0 · References 1
OSV
added 2021/07/22 8:15 p.m. · 2 views

UBUNTU-CVE-2020-22284

A buffer overflow vulnerability in the zepif_linkoutput function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet...

CVSS 7.5 · AI score 6 · EPSS 0.01173
Exploits 0 · References 4
CNNVD
added 2021/07/22 12:00 a.m. · 4 views

lwip security vulnerability

lwip is an open source TCP/IP stack implementation. A security vulnerability exists in lwIP that allows an attacker to exploit the vulnerability to access sensitive information via a crafted 6LoWPAN packet...

CVSS 7.5 · AI score 7.3 · EPSS 0.01173
Exploits 0 · References 2