An issue was discovered in picoTCP 1.7.0. The code for creating an ICMPv6 echo replies doesn't check whether the ICMPv6 echo request packet's size is shorter than 8 bytes. If the size of the incoming ICMPv6 request packet is shorter than this, the operation that calculates the size of the ICMPv6 echo replies has an integer wrap around, leading to memory corruption and, eventually, Denial-of-Service in pico_icmp6_send_echoreply_not_frag in pico_icmp6.c.
References
Link | Resource |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 | Third Party Advisory US Government Resource |
https://www.kb.cert.org/vuls/id/815128 | Third Party Advisory US Government Resource |
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 | Third Party Advisory US Government Resource |
https://www.kb.cert.org/vuls/id/815128 | Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 05:08
Type | Values Removed | Values Added |
---|---|---|
References | () https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 - Third Party Advisory, US Government Resource | |
References | () https://www.kb.cert.org/vuls/id/815128 - Third Party Advisory, US Government Resource |
Information
Published : 2020-12-11 23:15
Updated : 2024-11-21 05:08
NVD link : CVE-2020-17443
Mitre link : CVE-2020-17443
CVE.ORG link : CVE-2020-17443
JSON object : View
Products Affected
altran
- picotcp