First published: Fri Dec 11 2020(Updated: )
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses (set in a DNS header) is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ethernut nut/os | <=5.1 | |
Contiki OS | ||
Contiki-NG | ||
uIP | ||
open-iscsi | ||
altran picoTCP-NG | ||
picoTCP | ||
butok FNET | ||
Nut/Net |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-25109 has been identified as a potential Denial-of-Service vulnerability and may allow for Remote Code Execution.
To fix CVE-2020-25109, ensure that you update to the latest version of the affected software that addresses this vulnerability.
CVE-2020-25109 affects Ethernut in Nut/OS versions up to 5.1 and several other open-source networking products.
CVE-2020-25109 is categorized as a DNS implementation vulnerability leading to Denial-of-Service and possibly Remote Code Execution.
Yes, CVE-2020-25109 can potentially be exploited remotely due to the nature of the DNS implementation flaw.