What is the severity of CVE-2023-35846?

CVE-2023-35846 is classified as a medium severity vulnerability due to its potential impact on network communications.

How do I fix CVE-2023-35846?

To address CVE-2023-35846, update PicoTCP to version 2.2 or later, where the issue has been resolved.

What causes CVE-2023-35846?

CVE-2023-35846 is caused by the failure of PicoTCP to validate the transport layer length in frames before applying port filtering.

Which versions of PicoTCP are affected by CVE-2023-35846?

PicoTCP versions through 2.1 are affected by CVE-2023-35846.

Is CVE-2023-35846 exploitable?

Yes, CVE-2023-35846 can be exploited under certain conditions, potentially allowing attackers to bypass port filtering.

Vulnerability/
CVE-2023-35846

high

7.5

19/6/2023

12/12/2024

CVE-2023-35846

First published: Mon Jun 19 2023(Updated: )

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
PicoTCP	<=2.1

Remedy

https://github.com/virtualsquare/picotcp/commit/d561990a358899178115e156871cc054a1c55ffe

Never miss a vulnerability like this again

Reference Links

https://github.com/virtualsquare/picotcp/commit/d561990a358899178115e156871cc054a1c55ffe

Frequently Asked Questions

What is the severity of CVE-2023-35846?
CVE-2023-35846 is classified as a medium severity vulnerability due to its potential impact on network communications.
How do I fix CVE-2023-35846?
To address CVE-2023-35846, update PicoTCP to version 2.2 or later, where the issue has been resolved.
What causes CVE-2023-35846?
CVE-2023-35846 is caused by the failure of PicoTCP to validate the transport layer length in frames before applying port filtering.
Which versions of PicoTCP are affected by CVE-2023-35846?
PicoTCP versions through 2.1 are affected by CVE-2023-35846.
Is CVE-2023-35846 exploitable?
Yes, CVE-2023-35846 can be exploited under certain conditions, potentially allowing attackers to bypass port filtering.

agent/type
agent/softwarecombine
agent/references
agent/remedy
agent/severity
agent/first-publish-date
agent/event
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/virtualsquare
canonical/picotcp
version/picotcp/2.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2023-35846?
CVE-2023-35846 is classified as a medium severity vulnerability due to its potential impact on network communications.
How do I fix CVE-2023-35846?
To address CVE-2023-35846, update PicoTCP to version 2.2 or later, where the issue has been resolved.
What causes CVE-2023-35846?
CVE-2023-35846 is caused by the failure of PicoTCP to validate the transport layer length in frames before applying port filtering.
Which versions of PicoTCP are affected by CVE-2023-35846?
PicoTCP versions through 2.1 are affected by CVE-2023-35846.
Is CVE-2023-35846 exploitable?
Yes, CVE-2023-35846 can be exploited under certain conditions, potentially allowing attackers to bypass port filtering.