CVE-2020-13988
published 2020-12-11CVE-2020-13988: An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network…
PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
3.91%
89.0th percentile
An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contiki-ng | contiki-ng | <= 3.0 | — |
| debian | open-iscsi | < open-iscsi 2.1.3-1 (bookworm) | open-iscsi 2.1.3-1 (bookworm) |
| open-iscsi_project | open-iscsi | >= 0 < 2.1.3-1 | 2.1.3-1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.1.3-1 | 2.1.3-1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.1.3-1 | 2.1.3-1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.1.3-1 | 2.1.3-1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.0.874-7.1ubuntu6.4 | 2.0.874-7.1ubuntu6.4 |
| open-iscsi_project | open-iscsi | >= 0 < 2.0.873+git0.3b4b4500-14ubuntu3.7+esm1 | 2.0.873+git0.3b4b4500-14ubuntu3.7+esm1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.0.874-5ubuntu2.11+esm1 | 2.0.874-5ubuntu2.11+esm1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Open-iSCSI vulnerabilities
vendor_ubuntu·2023-07-27·CVSS 7.5
CVE-2020-13988 [HIGH] Open-iSCSI vulnerabilities
Title: Open-iSCSI vulnerabilities
Summary: Several security issues were fixed in Open-iSCSI.
Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that
Open-iSCSI incorrectly handled certain checksums for IP packets.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-13987)
Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that
Open-iSCSI incorrectly handled certain parsing TCP MSS options.
An attacker could possibly use this issue to cause a crash or cause
unexpected behavior. (CVE-2020-13988)
Amine Amri and Stanislav Dashevskyi discovered that Open-iSCSI
incorrectly handled certain TCP data. An attacker could possibly
use this issue to expose sensitive information. (CVE-2020-17437)
Instructions: In general, a standard system update wil
CISA ICS
Siemens Embedded TCP/IP Stack Vulnerabilities–AMNESIA:33 (Update C)
cisa_ics·2021-03-09·CVSS 7.5
[HIGH] Siemens Embedded TCP/IP Stack Vulnerabilities–AMNESIA:33 (Update C)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens Embedded TCP/IP Stack Vulnerabilities–AMNESIA:33 (Update C)
Last RevisedApril 13, 2021
Alert CodeICSA-20-343-05
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: ENTRON 3VA COM100/800, SENTRON 3VA DSP800, SENTRON PAC2200, SENTRON PAC3200T, SENTRON PAC3200, SENTRON PAC4200, SIRIUS 3RW5
- Vulnerability: Integer Overflow
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-20-343-05 Siemens Embedded TCP/IP Stack Vulnerabilities–AMNESIA:33 (Update B) t
Red Hat
Open-iSCSI: counter wraparound resulting in infinite loop
vendor_redhat·2020-12-09·CVSS 7.5
CVE-2020-13988 [HIGH] CWE-190 Open-iSCSI: counter wraparound resulting in infinite loop
Open-iSCSI: counter wraparound resulting in infinite loop
An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.
Package: iscsi-initiator-utils (Red Hat Enterprise Linux 5) - Out of support scope
Package: iscsi-initiator-utils (Red Hat Enterprise Linux 6) - Out of support scope
Package: iscsi-initiator-utils (Red Hat Enterprise Linux 7) - Not affected
Package: iscsi-initiator-utils (Red Hat Enterprise Linux 8) - Not affected
Package: iscsi-initiator-utils (Red Hat Enterprise Linux 9) - Not affected
CISA ICS
Multiple Embedded TCP/IP Stacks
cisa_ics·2020-12-09
Multiple Embedded TCP/IP Stacks
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Multiple Embedded TCP/IP Stacks
Last RevisedDecember 09, 2020
Alert CodeICSA-20-343-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Multiple (open source)
- Equipment: uIP-Contiki-OS, uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net
- Vulnerabilities: Infinite Loop, Integer Wraparound, Out-of-bounds Read, Integer Overflow, Out-of-bounds Write, Improper Input Validation, Improper Null Termination
CISA is aware of a public report, known as “AMNESIA:33” that details vulnerabilities found in mult
Debian
CVE-2020-13988: open-iscsi - An issue was discovered in Contiki through 3.0. An Integer Overflow exists in th...
vendor_debian·2020·CVSS 7.5
CVE-2020-13988 [HIGH] CVE-2020-13988: open-iscsi - An issue was discovered in Contiki through 3.0. An Integer Overflow exists in th...
An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.
Scope: local
bookworm: resolved (fixed in 2.1.3-1)
bullseye: resolved (fixed in 2.1.3-1)
forky: resolved (fixed in 2.1.3-1)
sid: resolved (fixed in 2.1.3-1)
trixie: resolved (fixed in 2.1.3-1)
OSV
open-iscsi vulnerabilities
osv·2023-07-27·CVSS 7.5
CVE-2020-13987 [HIGH] open-iscsi vulnerabilities
open-iscsi vulnerabilities
Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that
Open-iSCSI incorrectly handled certain checksums for IP packets.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-13987)
Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that
Open-iSCSI incorrectly handled certain parsing TCP MSS options.
An attacker could possibly use this issue to cause a crash or cause
unexpected behavior. (CVE-2020-13988)
Amine Amri and Stanislav Dashevskyi discovered that Open-iSCSI
incorrectly handled certain TCP data. An attacker could possibly
use this issue to expose sensitive information. (CVE-2020-17437)
GHSA
GHSA-cx9v-96cj-78q9: An issue was discovered in Contiki through 3
ghsa_unreviewed·2022-05-24
CVE-2020-13988 [HIGH] CWE-190 GHSA-cx9v-96cj-78q9: An issue was discovered in Contiki through 3
An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.
OSV
CVE-2020-13988: An issue was discovered in Contiki through 3
osv·2020-12-11·CVSS 7.5
CVE-2020-13988 [HIGH] CVE-2020-13988: An issue was discovered in Contiki through 3
An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.
No detection rules found.
No public exploits indexed.
2020-12-11
Published