CVE-2020-11897Out-of-bounds Write in TCP IP

CWE-787Out-of-bounds WriteCWE-20Improper Input Validation8 documents7 sources
Severity
10.0CRITICALNVD
EPSS
1.8%
top 17.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Treck TCP IPPaloalto Pan-os
Timeline
PublishedJun 17
Latest updateMay 24

Description

The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

NVDtreck/tcp_ip< 5.0.1.35
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-95jv-7wgq-5p3q: The Treck TCP/IP stack before 52022-05-24
CVEList
CVE-2020-11897: The Treck TCP/IP stack before 52020-06-17

📋Vendor Advisories

2
Palo Alto
PAN2020-07-08
Cisco
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 20202020-06-17
CVE-2020-11897 — Out-of-bounds Write in Treck TCP IP | cvebase