First published: Fri Dec 11 2020(Updated: )
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in the packet, leading to an out-of-bounds read, invalid pointer dereference, and Denial-of-Service.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Altran picoTCP | <=1.7.0 | |
Altran Picotcp-ng | <=1.7.0 | |
Multiple (open source) picoTCP-NG, Version 1.7.0 and prior | ||
Multiple (open source) picoTCP (EOL), Version 1.7.0 and prior | ||
Multiple (open source) FNET, Version 4.6.3 | ||
Multiple (open source) Nut/Net, Version 5.1 and prior |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-24340 is a vulnerability in picoTCP and picoTCP-NG through 1.7.0 that allows an attacker to bypass security restrictions via a crafted DNS packet.
CVE-2020-24340 affects Altran picoTCP and Altran Picotcp-ng versions up to and including 1.7.0.
CVE-2020-24340 has a severity rating of 7.5 (high).
An attacker can exploit CVE-2020-24340 by sending a crafted DNS packet with a mismatch between the number of answers specified in the packet header and the actual response data.
Yes, users should update to a version of picoTCP or picoTCP-NG that is higher than 1.7.0 to fix CVE-2020-24340.