Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : lwIP vulnerabilities (USN-8423-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8423-1 advisory. It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could...

CVE-2026-45160 ESF-IDF: Out-of-bounds Read in lwIP DHCP Server Option Parser

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

OESA-2026-2480 lwip security update

lwip is a small independent implementation of the TCP/IP protocol suite. Security Fixes: A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument...

CVE-2026-8836

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

EUVD-2026-30793

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

CVE-2026-8836 lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

CVE-2026-8836

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

Linux Distros Unpatched Vulnerability : CVE-2026-8836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM...

lwip-2026-pocs

lwip-2026-pocs Proof-of-concept exploits from the xchglabs...

EUVD-2020-15049

Malware in sbrugna...

EUVD-2020-15048

Malware in sbrugna...

EUVD-2014-4802

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-22283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow vulnerability in the icmp6sendresponsewithaddrsandnetif function of Free Software Foundation lwIP version git head allows attackers to access...

CVE-2020-22284

A buffer overflow vulnerability in the zepiflinkoutput function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet...

CVE-2020-22283

A buffer overflow vulnerability in the icmp6sendresponsewithaddrsandnetif function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet...

PT-2024-24976 · Lwip · Lwip

Name of the Vulnerable Software and Affected Versions: lwip affected versions not specified Description: The issue is related to a missing bounds check in the lwis initialize transaction fences function of lwis fence.c, which could lead to a possible out of bounds write. This could result in loca...

Debian: Security Advisory (DLA-3655-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3655-1] lwip security update

Debian LTS Advisory DLA-3655-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost November 18, 2023 https://wiki.debian.org/LTS Package : lwip Version : 2.0.3-3+deb10u2 CVE ID : CVE-2020-22283 Debian Bug : 991646 A buffer overflow vulnerability has been found in lwip, a...

DLA-3655-1 lwip - security update

Bulletin has no description...

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

!/usr/bin/env python Exploit Title: Tinycontrol LAN Controller v3 LK3 - Remote Credentials Extraction Exploit Author: LiquidWorm Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of...