An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually causing Denial-of-Service or an information leak.
{
"versions": [
{
"introduced": "0"
},
{
"last_affected": "1.7.0"
},
{
"introduced": "0"
},
{
"last_affected": "1.7.0"
}
]
}