First published: Fri Dec 11 2020
An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c).
Credit: cve@mitre.org
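The missing check described above, sketched as an added example (this is not picoTCP code or the upstream fix; `icmp6_packet_ok`, `sum16` and `build_sample` are hypothetical names). It assumes a fixed 40-byte IPv6 header followed directly by ICMPv6, with no extension headers or jumbograms, and accepts a payload length field smaller than the received size to allow for link-layer padding.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IPV6_HDR_LEN 40u
#define NXT_ICMPV6   58u

/* Add the 16-bit big-endian words of buf[0..len) to sum, then fold carries. */
static uint32_t sum16(const uint8_t *buf, size_t len, uint32_t sum)
{
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)buf[i] << 8) | buf[i + 1];
    if (i < len)                          /* odd trailing byte, zero-padded */
        sum += (uint32_t)buf[i] << 8;
    while (sum >> 16)
        sum = (sum & 0xffffu) + (sum >> 16);
    return sum;
}

/* Returns 0 only if the payload length field fits inside the rx_len bytes
 * actually received and the ICMPv6 checksum verifies; -1 otherwise. */
int icmp6_packet_ok(const uint8_t *pkt, size_t rx_len)
{
    if (pkt == NULL || rx_len < IPV6_HDR_LEN)
        return -1;
    size_t claimed = ((size_t)pkt[4] << 8) | pkt[5];
    if (claimed > rx_len - IPV6_HDR_LEN)  /* header claims bytes we do not hold */
        return -1;
    if (pkt[6] != NXT_ICMPV6 || claimed < 4)
        return -1;
    /* Pseudo-header: src+dst addresses (32 bytes at offset 8), length, next header. */
    uint32_t sum = sum16(pkt + 8, 32, (uint32_t)claimed + NXT_ICMPV6);
    return sum16(pkt + IPV6_HDR_LEN, claimed, sum) == 0xffffu ? 0 : -1;
}

/* Constructed sample: ICMPv6 echo request ::1 -> ::1 with 8 bytes of ICMPv6.
 * claimed_len is written to the payload length field unchanged. */
size_t build_sample(uint8_t pkt[48], uint16_t claimed_len)
{
    memset(pkt, 0, 48);
    pkt[0] = 0x60; pkt[6] = NXT_ICMPV6; pkt[7] = 64;
    pkt[4] = (uint8_t)(claimed_len >> 8); pkt[5] = (uint8_t)claimed_len;
    pkt[23] = 1; pkt[39] = 1;                  /* src and dst = ::1 */
    pkt[40] = 128; pkt[45] = 1; pkt[47] = 1;   /* type, id = 1, seq = 1 */
    uint32_t ck = ~sum16(pkt + 40, 8, sum16(pkt + 8, 32, 8 + NXT_ICMPV6)) & 0xffffu;
    pkt[42] = (uint8_t)(ck >> 8); pkt[43] = (uint8_t)ck;
    return 48;
}
```

The length comparison runs before any byte of the payload is summed, so a packet whose header overstates its size is dropped without the checksum loop ever touching memory past the receive buffer.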
Affected Software | Affected Version | How to fix |
---|---|---|
Altran picoTCP | <=1.7.0 | |
Microchip Mplab Harmony | >=3.0.0 <3.7.0 | |
Multiple (open source) picoTCP-NG | 1.7.0 and prior | |
Multiple (open source) picoTCP (EOL) | 1.7.0 and prior | |
Multiple (open source) FNET | 4.6.3 | |
Multiple (open source) Nut/Net | 5.1 and prior | |
CVE-2020-17441 is a vulnerability in picoTCP 1.7.0 that allows for an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in Denial-of-Service or other possible impacts.
CVE-2020-17441 has a severity rating of 9.1 (critical).
CVE-2020-17441 affects Altran picoTCP version 1.7.0 and can result in Denial-of-Service or other possible impacts.
CVE-2020-17441 affects Microchip Mplab Harmony versions from 3.0.0 to 3.7.0 and can result in Denial-of-Service or other possible impacts.
To fix CVE-2020-17441 in Altran picoTCP, update to a version higher than 1.7.0.
To fix CVE-2020-17441 in Microchip Mplab Harmony, update to a version higher than 3.7.0.