First published: Fri Dec 11 2020(Updated: )
An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
butok FNET | <=4.6.4 | |
Contiki OS | ||
Contiki-NG | ||
uIP | ||
SUSE Open-iSCSI | ||
altran picoTCP-NG | ||
picoTCP | ||
butok FNET | ||
Nut/Net |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-24383 has a medium severity, which can lead to information leakage or Denial-of-Service.
To fix CVE-2020-24383, update affected software to versions that are not vulnerable, specifically any that are higher than FNET 4.6.4.
CVE-2020-24383 affects FNET versions up to 4.6.4, uIP-Contiki-OS versions 3.0 and prior, and several other open-source products.
CVE-2020-24383 can lead to out-of-bounds read vulnerabilities, potentially allowing attackers to exploit information leaks.
There is currently no evidence that CVE-2020-24383 is actively being exploited in the wild, but it is still considered a risk.