CVE-2020-11908Improper Input Validation in TCP IP

CWE-20Improper Input Validation4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.6%
top 31.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Treck TCP IP
Timeline
PublishedJun 17
Latest updateMay 24

Description

The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

NVDtreck/tcp_ip< 4.7.1.27

🔴Vulnerability Details

2
GHSA
GHSA-xg49-wcx3-x7r3: The Treck TCP/IP stack before 42022-05-24
CVEList
CVE-2020-11908: The Treck TCP/IP stack before 42020-06-17

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 20202020-06-17
CVE-2020-11908 — Improper Input Validation in TCP IP | cvebase