CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.005 Low
Percentile: 75.7%

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other
products. The code that reassembles fragmented packets fails to properly
validate the total length of an incoming packet specified in its IP header,
as well as the fragmentation offset value specified in the IP header. By
crafting a packet with specific values of the IP header length and the
fragmentation offset, attackers can write into the .bss section of the
program (past the statically allocated buffer that is used for storing the
fragmented data) and cause a denial of service in uip_reass() in uip.c, or
possibly execute arbitrary code on some target architectures.

Author | Note |
---|---|
sbeattie | aka FSCT-2020-0015 issue in embedded copy of uIP |
mdeslaur | per upstream developers, open-iscsi wasn’t affected by this CVE |
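
The description above names two header fields that the reassembly code trusts: the IP total length and the fragmentation offset. The following is an added example, not code from uIP or Contiki, showing the bounds checks a fragment handler needs before copying into a statically allocated buffer. The names `frag_store`, `build_hdr`, `reass_buf` and the 1500-byte buffer size are assumptions, and real reassembly also tracks which byte ranges have arrived, which is omitted here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define REASS_BUFSIZE 1500u /* assumed size of the static reassembly buffer */
#define IPV4_MIN_HDR  20u
enum { FRAG_OK = 0, FRAG_BAD_HEADER = -1, FRAG_BAD_LENGTH = -2, FRAG_OUT_OF_BOUNDS = -3 };

static uint8_t reass_buf[REASS_BUFSIZE]; /* static storage, so it sits in .bss */

/* Validate one received IPv4 fragment, then copy its payload into reass_buf.
 * pkt_len is the number of bytes actually received, not a header field. */
int frag_store(const uint8_t *pkt, size_t pkt_len)
{
    if (pkt == NULL || pkt_len < IPV4_MIN_HDR)
        return FRAG_BAD_HEADER;

    size_t hdr_len   = (size_t)(pkt[0] & 0x0f) * 4u;                   /* IHL in 32-bit words */
    size_t total_len = ((size_t)pkt[2] << 8) | pkt[3];                 /* header + payload */
    size_t offset    = ((((size_t)pkt[6] & 0x1f) << 8) | pkt[7]) * 8u; /* 8-byte units */

    if ((pkt[0] >> 4) != 4 || hdr_len < IPV4_MIN_HDR || hdr_len > pkt_len)
        return FRAG_BAD_HEADER;
    /* Claimed total length must cover the header and fit in what was received. */
    if (total_len < hdr_len || total_len > pkt_len)
        return FRAG_BAD_LENGTH;

    size_t payload_len = total_len - hdr_len; /* cannot underflow after the check above */
    /* Written as a subtraction so that offset + payload_len can never wrap. */
    if (offset > REASS_BUFSIZE || payload_len > REASS_BUFSIZE - offset)
        return FRAG_OUT_OF_BOUNDS;

    memcpy(&reass_buf[offset], pkt + hdr_len, payload_len);
    return FRAG_OK;
}

/* Constructed sample input: fill a minimal IPv4 header (checksum left at zero). */
void build_hdr(uint8_t *p, uint8_t ihl_words, uint16_t total_len, uint16_t off_units)
{
    memset(p, 0, IPV4_MIN_HDR);
    p[0] = (uint8_t)(0x40 | (ihl_words & 0x0f));
    p[2] = (uint8_t)(total_len >> 8); p[3] = (uint8_t)total_len;
    p[6] = (uint8_t)((off_units >> 8) & 0x1f); p[7] = (uint8_t)off_units;
}

int main(void)
{
    uint8_t p[28] = {0};
    build_hdr(p, 5, 28, 0x1fff); /* offset field at its maximum value */
    return frag_store(p, sizeof p) == FRAG_OUT_OF_BOUNDS ? 0 : 1;
}
```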