First published: Fri Dec 11 2020
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has '\0' termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ethernut nut/os | <=5.1 | |
Contiki OS | | |
Contiki-NG | | |
uIP | | |
open-iscsi | | |
altran picoTCP-NG | | |
picoTCP | | |
butok FNET | | |
Nut/Net | | |
CVE-2020-25107 has the potential for Denial-of-Service and possibly Remote Code Execution, making it a significant vulnerability.
To fix CVE-2020-25107, ensure that domain names are properly checked for '\0' termination before processing.
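The termination check described above can be written as a bounded walk over the length-prefixed labels of a DNS name. This is an added example, not code from Nut/OS or any other affected project; the function name `dns_name_wire_len`, the constants and the sample byte arrays are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define DNS_MAX_NAME  255   /* RFC 1035 limit on an encoded name */
#define DNS_MAX_LABEL 63    /* RFC 1035 limit on a single label */

/* Constructed sample names in DNS wire format (not captured traffic). */
const uint8_t sample_ok[] =
    {3,'w','w','w',7,'e','x','a','m','p','l','e',3,'c','o','m',0};
const uint8_t sample_unterminated[] =
    {3,'w','w','w',7,'e','x','a','m','p','l','e',3,'c','o','m'};
const uint8_t sample_overrun[] = {5,'a','b'};

/* Returns the number of bytes the encoded name occupies starting at
 * pkt[off], or -1 if the name is malformed or has no terminating zero
 * byte inside the received packet. Never reads at or past pkt_len. */
long dns_name_wire_len(const uint8_t *pkt, size_t pkt_len, size_t off)
{
    size_t pos = off;

    while (pos < pkt_len) {
        uint8_t len = pkt[pos];

        if (len == 0)                    /* terminating '\0' found */
            return (long)(pos + 1 - off);

        if ((len & 0xC0) == 0xC0) {      /* compression pointer ends the name here */
            if (pkt_len - pos < 2)       /* pointer needs two bytes */
                return -1;
            return (long)(pos + 2 - off);   /* target is not followed */
        }

        if (len > DNS_MAX_LABEL)         /* reserved label types 0x40 / 0x80 */
            return -1;
        if (pkt_len - pos - 1 < len)     /* label body runs past the packet */
            return -1;
        pos += 1 + (size_t)len;

        if (pos - off >= DNS_MAX_NAME)   /* no room left for the terminator */
            return -1;
    }
    return -1;                           /* packet ended without '\0' */
}
```

A caller would reject the packet on `-1` before copying or comparing the name.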
CVE-2020-25107 affects Nut/OS 5.1, uIP-Contiki-OS versions 3.0 and prior, uIP-Contiki-NG versions 4.5 and prior, and several other open-source products.
Yes, CVE-2020-25107 can potentially be exploited remotely, as the vulnerability is related to DNS implementation.
Check the respective vendors for a patch, as remediation steps may differ based on the specific affected software.