CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

DEBIAN-CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

CVE-2026-6985

CVE-2026-6985 affects Cesanta Mongoose up to 7.20, specifically the TCP Option Handler’s handle_opt in /src/net_builtin.c. The vulnerability arises from manipulating the argument optlen, which can cause an infinite loop. It is described as remotely exploitable, and an exploit has been made public...

CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

PT-2026-35156

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle opt of the file /src/net builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. T...

CVE-1999-0193

Denial of service in Ascend and 3com routers, which can be rebooted by sending a zero length TCP option...

EUVD-1999-0193

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-47245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy synproxyparseoptions could read one byte out of bounds. When t...

Juniper JunOS Malformed TCP Option

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Juniper JunOS Malformed TCP Option', 'Description' = %q This module exploits a denial of service vulnerability in Juniper Network's JunOS router...

SUSE CVE-2021-47593

In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets The mptcp ULP extension relies on sk-sksockkern being set correctly: It prevents setsockoptfd, IPPROTOTCP, TCPULP, "mptcp", 6; from working for plain tcp sockets any userspace-expose...

CVE-2021-47243

In the Linux kernel, the following vulnerability has been resolved: schcake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc cakegettcpopt and caketcphmaydrop could read one byte out of bounds. When the length is 1, the execution flow gets into the loop,...

CVE-2021-47244

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp mptcpgetoptions could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if...

CVE-2021-47245

In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy synproxyparseoptions could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte...

CVE-2021-47244

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp mptcpgetoptions could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if...

CVE-2021-47243

In the Linux kernel, the following vulnerability has been resolved: schcake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc cakegettcpopt and caketcphmaydrop could read one byte out of bounds. When the length is 1, the execution flow gets into the loop,...

CVE-2021-47243 sch_cake: Fix out of bounds when parsing TCP options and header

In the Linux kernel, the following vulnerability has been resolved: schcake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc cakegettcpopt and caketcphmaydrop could read one byte out of bounds. When the length is 1, the execution flow gets into the loop,...

CVE-2021-47243

In the Linux kernel, the following vulnerability has been resolved: schcake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc cakegettcpopt and caketcphmaydrop could read one byte out of bounds. When the length is 1, the execution flow gets into the loop,...

DEBIAN-CVE-2024-35840

In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnect subflowfinishconnect uses four fields backup, joinid, thmac, none that may contain garbage unless OPTIONMPTCPMPJSYNACK has been set in mptcpparseoption...

SUSE CVE-2004-0626

The tcpfindoption function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service CPU consumption by infinite loop via a large option length that produces a negative integer after a casting operation to the...