CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-24341
https://notcve.org/view.php?id=CVE-2020-24341
11 Dec 2020 — An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually causing Denial-of-Service or an information leak. Se detectó un problema en picoTCP y picoTCP-NG versiones hasta 1.7.0. La función de procesamiento de datos de entrada TCP en el archivo pico_tcp.c no comprueba la longitud de los paqu... • https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-24340
https://notcve.org/view.php?id=CVE-2020-24340
11 Dec 2020 — An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in the packet, leading to an out-of-bounds read, invalid pointer dereference, and Denial-of-Service. Se detectó un problema en picoTCP y picoTCP-NG versiones hasta 1.7.0. El código que procesa las respuestas DNS ... • https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-24339
https://notcve.org/view.php?id=CVE-2020-24339
11 Dec 2020 — An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds reads that lead to Denial-of-Service. Se detectó un problema en picoTCP y picoTCP-NG versiones hasta 1.7.0. La funcionalidad de descompresión de registros de nombres de dominio DNS en la funci... • https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-24337
https://notcve.org/view.php?id=CVE-2020-24337
11 Dec 2020 — An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp.c. Se detectó un problema en picoTCP y picoTCP-NG versiones hasta 1.7.0. Cuando se proporciona una opción TCP no compatible con longitud cero en un paquete TCP entrante, es posible causar una Denegación de Se... • https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •