CVE-2020-17439
CVE-2020-17439 affects uIP 1.0 (used in Contiki 3.0 and other products). The DNS client parses DNS replies without validating that replies match outgoing queries; DNS transaction IDs are insufficiently random and small DNS caches (4 entries) enable DNS cache poisoning. Connected sources confirm a...