Uip@1.0 Security Vulnerabilities and Issues — Uip@1.0 CVE List

Lucene search

Uip ProjectUip1.0

3 matches found

CVE•added 2020/12/11 11:15 p.m.•72 views

CVE-2020-17438

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting...

9.8CVSS9.8AI score0.02364EPSS

CVE•added 2020/12/11 11:15 p.m.•69 views

CVE-2020-17440

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\0' termination. This results in errors when calculating the offset of the pointer that jumps over domain n...

7.5CVSS7.5AI score0.00447EPSS

CVE•added 2020/12/11 11:15 p.m.•62 views

CVE-2020-17439

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata() in resolv.c. Also, arbitrary DNS replies are parsed if there was any outgoing DNS query wi...

8.3CVSS8.2AI score0.00377EPSS