CVE-2020-17438

{"id": "CVE-2020-17438", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-12-11T23:15:12.747", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://www.kb.cert.org/vuls/id/815128", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kb.cert.org/vuls/id/815128", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures."}, {"lang": "es", "value": "Se detect\u00f3 un problema en uIP versi\u00f3n 1.0, como es usado en Contiki versi\u00f3n 3.0 y otros productos. El c\u00f3digo que reensambla los paquetes fragmentados no comprueba correctamente la longitud total de un paquete entrante especificado en su encabezado IP, as\u00ed como el valor de compensaci\u00f3n de fragmentaci\u00f3n especificado en el encabezado IP. Al dise\u00f1ar un paquete con valores espec\u00edficos de la longitud del encabezado IP y el desplazamiento de fragmentaci\u00f3n, los atacantes pueden escribir en la secci\u00f3n .bss del programa (m\u00e1s all\u00e1 del b\u00fafer asignado est\u00e1ticamente que se usa para almacenar los datos fragmentados) y causar una Denegaci\u00f3n de Servicio en la funci\u00f3n uip_reass() en el archivo uip.c, o posiblemente ejecutar c\u00f3digo arbitrario en algunas arquitecturas de destino"}], "lastModified": "2024-11-21T05:08:06.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:uip_project:uip:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D64553E4-7D30-4706-8386-628363A3EC85"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:contiki-os:contiki:3.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DCF3DB31-D1C3-4110-8919-13452E797D81"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}