CVE-2026-43036

Summary (CVE-2026-43036) : The issue resides in the Linux kernel networking path, where gso_features_check() read IPv4 header offsets (iph->frag_off) in a way that could dereference uninitialized data when packets are injected via PF_PACKET paths. The root cause is unsafe header dereferencing ...

SUSE CVE-2020-17438

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafti...

EulerOS Virtualization 2.9.1 : open-iscsi (EulerOS-SA-2021-1718)

According to the version of the open-iscsi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails...

CVE-2020-17438

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafti...

CVE-2020-17438

CVE-2020-17438 affects uIP 1.0 (used in Contiki 3.0 and other products). The IP reassembly code fails to validate the total packet length and fragmentation offset, enabling crafted IP headers to write past the static buffer into the .bss area, causing a denial of service in uip_reass() and potent...

CVE-2020-17529

Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX incubating versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIGEXPERIMENTAL and...

CVE-2020-17529 Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header

Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX incubating versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIGEXPERIMENTAL and...

Apache NuttX 缓冲区错误漏洞

Apache NuttX is a real-time embedded operating system from the Apache Software Foundation.TCP Transmission Control Protocol is a connection-oriented, reliable, byte-stream-based transport layer communication protocol defined by IETF RFC 793. TCP Transmission Control Protocol is a...

Linux Kernel - UDP Fragmentation Offset 'UFO' Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux Kernel UDP Fragmentation Offset UFO Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Linux systems...