Picotcp-ng Security Vulnerabilities and Issues — Picotcp-ng CVE List

Lucene search

AltranPicotcp-ng

5 matches found

CVE•added 2020/12/11 11:15 p.m.•63 views

CVE-2020-24337

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp....

7.5CVSS7.5AI score0.00447EPSS

CVE•added 2020/12/11 11:15 p.m.•59 views

CVE-2020-24339

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causin...

7.5CVSS7.5AI score0.00495EPSS

CVE•added 2020/12/11 11:15 p.m.•51 views

CVE-2020-24340

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in t...

7.5CVSS7.6AI score0.00495EPSS

CVE•added 2020/12/11 11:15 p.m.•50 views

CVE-2020-24341

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually causing Denial-of-Service...

9.1CVSS8.9AI score0.00739EPSS

CVE•added 2023/02/15 10:15 p.m.•35 views

CVE-2021-33304

Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code.

9.8CVSS9.6AI score0.00246EPSS