// For flags

CVE-2020-17438

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.

Se detectó un problema en uIP versión 1.0, como es usado en Contiki versión 3.0 y otros productos. El código que reensambla los paquetes fragmentados no comprueba correctamente la longitud total de un paquete entrante especificado en su encabezado IP, así como el valor de compensación de fragmentación especificado en el encabezado IP. Al diseñar un paquete con valores específicos de la longitud del encabezado IP y el desplazamiento de fragmentación, los atacantes pueden escribir en la sección .bss del programa (más allá del búfer asignado estáticamente que se usa para almacenar los datos fragmentados) y causar una Denegación de Servicio en la función uip_reass() en el archivo uip.c, o posiblemente ejecutar código arbitrario en algunas arquitecturas de destino

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-08-07 CVE Reserved
  • 2020-12-11 CVE Published
  • 2024-04-15 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
References (2)
URL Tag Source
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 Third Party Advisory
https://www.kb.cert.org/vuls/id/815128 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Uip Project
Search vendor "Uip Project"
 Uip
Search vendor "Uip Project" for product "Uip"
 1.0
Search vendor "Uip Project" for product "Uip" and version "1.0"
-
Affected
in Contiki-os
Search vendor "Contiki-os"
 Contiki
Search vendor "Contiki-os" for product "Contiki"
 3.0
Search vendor "Contiki-os" for product "Contiki" and version "3.0"
-
Safe