2 matches found
SUSE CVE-2020-17440
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\0' termination. This results in errors when calculating the offset of the pointer that jumps over domain...
CVE-2020-17440
CVE-2020-17440 affects uIP 1.0 (and Contiki-OS/NG and related stacks) where DNS packet parsing does not verify that domain names are null-terminated, enabling memory corruption via crafted DNS responses. Root cause is improper null termination handling in resolv.c (newdata()/parse_name()). Impact...