An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually causing Denial-of-Service or an information leak.
2020-12-11T23:15:14.153
2024-11-21T05:14:37.600
Modified
CVSSv3.1: 9.1 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:N/A:P
10.0
4.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | altran | picotcp | ≤ 1.7.0 | Yes |
Application | altran | picotcp-ng | ≤ 1.7.0 | Yes |