Huawei EulerOS: Security Advisory for iscsi-initiator-utils (EulerOS-SA-2021-1076)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : open-iscsi (EulerOS-SA-2021-1012)

According to the versions of the open-iscsi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is...

EulerOS 2.0 SP9 : open-iscsi (EulerOS-SA-2021-1031)

According to the versions of the open-iscsi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is...

Denial Of Service (DoS)

open-iscsi is vulnerable to denial of service DoS. The vulnerability exists through an Out-of-Bounds read in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upperlayerchksum in net/ipv4/uip.c...

New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices

The US Cybersecurity Infrastructure and Security Agency CISA has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service DoS attacks. The four flaws affect...

Ripple20 Treck TCP/IP Stack Vulnerabilities

Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. A summary of JSOF’s research is here, along with a technical whitepaper. See the Rapid7 Analysis tab for further...

Treck TCP/IP stack denial of service vulnerability

Treck TCP/IP is a suite of TCP Transmission Control Protocol/IP Internet Interconnection Protocol from Treck, Inc. dedicated to embedded systems. A denial of service vulnerability exists in Treck TCP/IP stack version 6.0.1.67 and prior versions, which stems from a vulnerability in the Treck HTTP...

Contiki infinite loop vulnerability (CNVD-2021-29450)

Contiki is an open source, highly portable, networked multitasking operating system for memory-constrained systems. An infinite loop vulnerability exists in the processing of IPv6 extended headers in exthdroptionsprocess in net/ipv6/uip6.c in the uIP TCP/IP stack component in Contiki 3.0 and...

DEBIAN-CVE-2020-17437

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by...

CVE-2020-13986

An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rplremoveheader in net/rpl/rpl-ext-header.c...

CVE-2020-13988

An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uipprocess in net/ipv4/uip.c...

CVE-2020-13985

An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rplremoveheader in net/rpl/rpl-ext-header.c...

CVE-2020-13987

An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upperlayerchksum in net/ipv4/uip.c...

CVE-2020-13987

An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upperlayerchksum in net/ipv4/uip.c...

CVE-2020-13984

An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in exthdroptionsprocess in net/ipv6/uip6.c...

CVE-2020-13988

An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uipprocess in net/ipv4/uip.c...

Code injection

An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in exthdroptionsprocess in net/ipv6/uip6.c...

CVE-2020-13988

An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uipprocess in net/ipv4/uip.c...

CVE-2020-13988

CVE-2020-13988 affects Contiki (through version 3.0) via the uIP TCP/IP Stack: an Integer Overflow in uip_process (net/ipv4/uip.c) when parsing TCP MSS options in IPv4 packets. Exploitation details are not provided in the available documents; the Nessus advisories confirm the CVE alongside relate...

CVE-2020-13988

An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uipprocess in net/ipv4/uip.c...