EUVD-2020-19732

Malware in sbrugna...

CVE-2020-27213

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ISNs for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...

CVE-2020-27213

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ISNs for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...

CVE-2020-27213

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ISNs for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...

CVE-2020-27213

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ISNs for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...

Code injection

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ISNs for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...

CVE-2020-27213

CVE-2020-27213 affects Ethernut Nut/OS 5.1 where ISN generation for TCP is derived from a insufficiently random source, enabling an attacker to determine ISN values for current and future connections and potentially hijack or spoof TCP connections. The issue is documented across multiple trusted ...

CVE-2020-27213

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ISNs for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...

CVE-2020-27213

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ISNs for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...

SUSE CVE-2020-25107

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has '\0' termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...

SUSE CVE-2020-25108

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked it can be set to an arbitrary value from a packet. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...

SUSE CVE-2020-25109

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses set in a DNS header is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...

SUSE CVE-2020-25110

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a domain name in a DNS query/response is not checked, and is used for internal memory operations. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...

PT-2021-2223 · Unknown · Ethernut Nut/Os

Name of the Vulnerable Software and Affected Versions: Ethernut Nut/OS version 5.1 Description: An issue was discovered in the code that generates Initial Sequence Numbers ISNs for TCP connections, deriving the ISN from an insufficiently random source. This allows an attacker to determine the ISN...

Nut/OS Denial of Service and Remote Code Execution Vulnerability (CNVD-2021-19760)

Nut/OS is a modular, open-source real-time operating system for embedded platforms. A denial of service and remote code execution vulnerability exists in the DNS implementation in Ethernut in Nut/OS 5.1. The vulnerability stems from not checking the number of DNS queries/responses against availab...

Nut/OS Denial of Service and Remote Code Execution Vulnerabilities

Nut/OS is a modular, open-source real-time operating system for embedded platforms. A denial of service and remote code execution vulnerability exists in the DNS implementation in Ethernut in Nut/OS 5.1. The vulnerability stems from using the length byte of a domain name in a DNS query/response f...

Nut/OS Denial of Service and Remote Code Execution Vulnerability (CNVD-2021-19759)

Nut/OS is a modular, open-source real-time operating system for embedded platforms. A denial of service and remote code execution vulnerability exists in the DNS implementation in Ethernut in Nut/OS 5.1. The vulnerability stems from a failure to check the DNS response data length. An attacker cou...

CVE-2020-25109

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses set in a DNS header is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...

CVE-2020-25107

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has '\0' termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...

CVE-2020-25108

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked it can be set to an arbitrary value from a packet. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...