10 matches found
Code injection
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ISNs for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...
SUSE CVE-2020-25108
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked it can be set to an arbitrary value from a packet. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...
CVE-2020-25108
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked it can be set to an arbitrary value from a packet. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...
CVE-2020-25107
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has '\0' termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...
CVE-2020-25109
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses set in a DNS header is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...
Remote code execution
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a domain name in a DNS query/response is not checked, and is used for internal memory operations. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...
CVE-2020-25110
CVE-2020-25110 is part of the AMNESIA:33 set affecting the Nut/Net DNS processing in Nut/OS components. The SUSE and CERT-derived documents describe a memory-corruption vulnerability caused by not validating the DNS data length when parsing DNS questions/responses, enabling denial-of-service and ...
CVE-2020-25109
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses set in a DNS header is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...
CVE-2020-25109
CVE-2020-25109 affects Nut/OS (Ethernut) 5.1 and earlier in the DNS implementation. The issue is that the number of DNS queries/responses (as set in the DNS header) is not checked against the available data, enabling potential denial of service and possibly remote code execution. Connected adviso...
Contiki 缓冲区错误漏洞
Nut/OS is a modular, open-source real-time operating system for embedded platforms. A denial of service and remote code execution vulnerability exists in the DNS implementation in Ethernut in Nut/OS 5.1. The vulnerability stems from a failure to check if a domain name ends in '0'. An attacker cou...