What is the severity of CVE-2020-25110?

CVE-2020-25110 is classified as a high severity vulnerability due to its potential for Denial-of-Service and possible Remote Code Execution.

How do I fix CVE-2020-25110?

To mitigate CVE-2020-25110, update the affected software to a version after 5.1 for Ethernut and ensure other affected open-source products are also updated.

What software is affected by CVE-2020-25110?

CVE-2020-25110 affects Ethernut Nut/OS 5.1 and prior, as well as various open source software including Contiki OS, uIP, and open-iscsi.

What kind of attacks can CVE-2020-25110 lead to?

CVE-2020-25110 can lead to successful Denial-of-Service attacks and potentially allow for Remote Code Execution.

Is CVE-2020-25110 a local or remote vulnerability?

CVE-2020-25110 is a remote vulnerability, allowing attackers to exploit it from a distance.

Vulnerability/
CVE-2020-25110

critical

9.8

CWE

125

11/12/2020

4/8/2024

CVE-2020-25110

First published: Fri Dec 11 2020(Updated: )

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a domain name in a DNS query/response is not checked, and is used for internal memory operations. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Ethernut nut/os	<=5.1
Contiki OS
Contiki-NG
uIP
SUSE Open-iSCSI
altran picoTCP-NG
picoTCP
butok FNET
Nut/Net

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-20-343-01

Frequently Asked Questions

What is the severity of CVE-2020-25110?
CVE-2020-25110 is classified as a high severity vulnerability due to its potential for Denial-of-Service and possible Remote Code Execution.
How do I fix CVE-2020-25110?
To mitigate CVE-2020-25110, update the affected software to a version after 5.1 for Ethernut and ensure other affected open-source products are also updated.
What software is affected by CVE-2020-25110?
CVE-2020-25110 affects Ethernut Nut/OS 5.1 and prior, as well as various open source software including Contiki OS, uIP, and open-iscsi.
What kind of attacks can CVE-2020-25110 lead to?
CVE-2020-25110 can lead to successful Denial-of-Service attacks and potentially allow for Remote Code Execution.
Is CVE-2020-25110 a local or remote vulnerability?
CVE-2020-25110 is a remote vulnerability, allowing attackers to exploit it from a distance.

agent/type
agent/severity
agent/weakness
agent/author
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
vendor/ethernut
canonical/ethernut nut/os
version/ethernut nut/os/5.1
vendor/multiple (open source)
canonical/contiki os
canonical/contiki-ng
canonical/uip
canonical/suse open-iscsi
canonical/altran picotcp-ng
canonical/picotcp
canonical/butok fnet
canonical/nut/net

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.