CVE-2023-35846

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-35846
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35846.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-35846
Published
2023-06-19T03:15:09Z
Modified
2025-10-21T13:18:51.042857Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.

References

Affected packages

Git / github.com/virtualsquare/picotcp

Affected ranges

Type
GIT
Repo
https://github.com/virtualsquare/picotcp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d561990a358899178115e156871cc054a1c55ffe

Affected versions

2.*

2.0.0

V1.*

V1.0
V1.2.4

Other

sprint0
sprint1
sprint2
sprint3
sprint4
sprint5
sprint6
sprint7
sprint8

v1.*

v1.1-rc1
v1.2
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.4.0
v1.4.1-dev-customer-sprint1
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.7.0

v2.*

v2.1

Database specific

vanir_signatures

[
    {
        "id": "CVE-2023-35846-380a6e0e",
        "source": "https://github.com/virtualsquare/picotcp/commit/d561990a358899178115e156871cc054a1c55ffe",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "ipfilter",
            "file": "modules/pico_ipfilter.c"
        },
        "digest": {
            "function_hash": "15604502874702612504111479175039028916",
            "length": 803.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-35846-cd68b641",
        "source": "https://github.com/virtualsquare/picotcp/commit/d561990a358899178115e156871cc054a1c55ffe",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "modules/pico_ipfilter.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "232285406632546315363789241261533024495",
                "248071416619885531072362073670366830268",
                "256617179242313006427055983467964023110",
                "213842307385690783473638154939023626648",
                "285770788318624447220688066452460489083",
                "163110542380558240445229369479204111",
                "276597177956886508362739783233940125898",
                "203136066528707677838631440993583226305",
                "69438710099917194790702831334998226616",
                "263416057362065578551281656644685860219",
                "18438235547931478203702648496708742847",
                "214312749964043464020660052127994588030",
                "93646454849211744810170274829586574755",
                "224104974157288606537487666352805840938"
            ]
        },
        "signature_type": "Line"
    }
]