CVE-2020-17528
Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet.
Una vulnerabilidad de escritura fuera de límites en la pila TCP de Apache NuttX (incubating) versiones hasta e incluyendo a 9.1.0 y 10.0.0, permite a un atacante corromper la memoria al suministrar compensaciones arbitrarias de puntero de datos urgentes dentro de los paquetes TCP, inclusive más allá de la longitud del paquete
*Credits:
Apache NuttX would like to thank Forescout for reporting the issue
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-08-12 CVE Reserved
- 2020-12-09 CVE Published
- 2024-12-17 EPSS Updated
- 2025-02-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2020/12/09/4 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Nuttx Search vendor "Apache" for product "Nuttx" | <= 9.1.0 Search vendor "Apache" for product "Nuttx" and version " <= 9.1.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Nuttx Search vendor "Apache" for product "Nuttx" | 10.0.0 Search vendor "Apache" for product "Nuttx" and version "10.0.0" | - |
Affected
| ||||||