CVE-2020-17443

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-17443
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17443.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-17443
Published
2020-12-11T23:15:13Z
Modified
2024-09-03T03:18:48.766094Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in picoTCP 1.7.0. The code for creating an ICMPv6 echo replies doesn't check whether the ICMPv6 echo request packet's size is shorter than 8 bytes. If the size of the incoming ICMPv6 request packet is shorter than this, the operation that calculates the size of the ICMPv6 echo replies has an integer wrap around, leading to memory corruption and, eventually, Denial-of-Service in picoicmp6sendechoreplynotfrag in picoicmp6.c.

References

Affected packages

Git / github.com/tass-belgium/picotcp

Affected ranges

Type
GIT
Repo
https://github.com/tass-belgium/picotcp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

V1.*

V1.0
V1.2.4

Other

sprint0
sprint1
sprint2
sprint3
sprint4
sprint5
sprint6
sprint7
sprint8

v1.*

v1.1-rc1
v1.2
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.4.0
v1.4.1-dev-customer-sprint1
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.7.0