CVE-2020-11898Improper Restriction of Operations within the Bounds of a Memory Buffer in TCP IP

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-20Improper Input ValidationCWE-200Sensitive Information Exposure7 documents6 sources
Severity
9.1CRITICALNVD
EPSS
58.0%
top 1.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Treck TCP IPPaloalto Pan-os
Timeline
PublishedJun 17
Latest updateMay 24

Description

The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

NVDtreck/tcp_ip< 6.0.1.66
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-8hhv-42hq-p4q9: The Treck TCP/IP stack before 62022-05-24
CVEList
CVE-2020-11898: The Treck TCP/IP stack before 62020-06-17

📋Vendor Advisories

2
Palo Alto
PAN2020-07-08
Cisco
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 20202020-06-17
CVE-2020-11898 — Treck TCP IP vulnerability | cvebase