CVE-2020-17441

Source
https://cve.org/CVERecord?id=CVE-2020-17441
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17441.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-17441
Published
2020-12-11T23:15:13.213Z
Modified
2026-04-10T04:23:51.181479Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
[none]
Details

An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c).

References

Affected packages

Git / github.com/tass-belgium/picotcp

Affected ranges

Type
GIT
Repo
https://github.com/tass-belgium/picotcp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.0"
        }
    ]
}

Affected versions

V1.*
V1.0
V1.2.4
Other
sprint0
sprint1
sprint2
sprint3
sprint4
sprint5
sprint6
sprint7
sprint8
v1.*
v1.2
v1.2.1
v1.2.2
v1.3.0
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.7.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17441.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "3.0.0"
            },
            {
                "fixed": "3.7.0"
            }
        ]
    }
]