CVE-2020-17437
Published 2020-12-11
Priority: P344, high; CVSS 3.1: 8.2
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS: 2.75% (84.4th percentile)
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.
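The missing length check described above, as an added example that is not uIP or Contiki source code: a simplified C model that computes the payload offset and remaining length from the Urgent pointer bytes, first unchecked and then with a bounds check that drops the segment. The struct, the function names and the drop-on-failure policy are assumptions made for illustration, and the sample segment is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define TCP_URG 0x20u   /* URG bit in the TCP flags byte */

/* Constructed model of a received segment; field names are hypothetical. */
struct segment {
    uint8_t  flags;    /* TCP flags */
    uint8_t  urgp[2];  /* Urgent pointer bytes, network byte order */
    uint16_t len;      /* payload bytes actually present in the buffer */
};

static uint16_t urg_value(const struct segment *s)
{
    return (uint16_t)((s->urgp[0] << 8) | s->urgp[1]);
}

/* Unchecked: returns the payload offset the stack would use; *len gets the
 * remaining length. Only computes values, never dereferences them. */
static uint32_t skip_urgent_unchecked(const struct segment *s, uint16_t *len)
{
    *len = s->len;
    if (!(s->flags & TCP_URG)) return 0;
    *len = (uint16_t)(s->len - urg_value(s));  /* wraps if urg > len */
    return urg_value(s);                        /* can exceed s->len */
}

/* Checked: 0 on success, -1 when the segment must be dropped. */
static int skip_urgent_checked(const struct segment *s, uint32_t *off, uint16_t *len)
{
    *off = 0;
    *len = s->len;
    if (!(s->flags & TCP_URG)) return 0;
    if (urg_value(s) > s->len) return -1;  /* urgent pointer past payload */
    *off = urg_value(s);
    *len = (uint16_t)(s->len - urg_value(s));
    return 0;
}

int main(void)
{
    struct segment s = { TCP_URG, { 0xFF, 0xF0 }, 8 };  /* constructed input */
    uint32_t off; uint16_t len;
    printf("unchecked: off=%u ", (unsigned)skip_urgent_unchecked(&s, &len));
    printf("len=%u\n", (unsigned)len);
    printf("checked: %d\n", skip_urgent_checked(&s, &off, &len));
    return 0;
}
```

With an 8-byte payload and Urgent pointer bytes `FF F0`, the unchecked path yields an offset far past the payload and a wrapped length that looks plausible, which is why the check has to happen before either value is used.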
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | open-iscsi | < open-iscsi 2.1.3-1 (bookworm) | open-iscsi 2.1.3-1 (bookworm) |
| open-iscsi_project | open-iscsi | <= 2.1.7 | — |
| open-iscsi_project | open-iscsi | >= 0 < 2.1.3-1 | 2.1.3-1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.1.3-1 | 2.1.3-1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.1.3-1 | 2.1.3-1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.1.3-1 | 2.1.3-1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.0.874-7.1ubuntu6.4 | 2.0.874-7.1ubuntu6.4 |
| open-iscsi_project | open-iscsi | >= 0 < 2.0.873+git0.3b4b4500-14ubuntu3.7+esm1 | 2.0.873+git0.3b4b4500-14ubuntu3.7+esm1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.0.874-5ubuntu2.11+esm1 | 2.0.874-5ubuntu2.11+esm1 |
| siemens | sentron_3va_com100_firmware | < 4.4.1 | 4.4.1 |
| siemens | sentron_3va_com800_firmware | < 4.4.1 | 4.4.1 |
| siemens | sentron_3va_dsp800_firmware | < 4.0 | 4.0 |
| siemens | sentron_pac2200_firmware | < 3.2.2 | 3.2.2 |
| siemens | sentron_pac3200_firmware | < 2.4.7 | 2.4.7 |
| siemens | sentron_pac3200t_firmware | < 3.2.2 | 3.2.2 |
| siemens | sentron_pac3220_firmware | < 3.2.0 | 3.2.0 |
| siemens | sentron_pac4200_firmware | < 2.3.0 | 2.3.0 |
| uip_project | uip | <= 1.0 | — |
CVSS provenance
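| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
| osv | | 8.2 | HIGH | |
| vendor_debian | | 8.2 | HIGH | |
| vendor_redhat | | 8.2 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |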
Ubuntu
Open-iSCSI vulnerabilities
vendor_ubuntu·2023-07-27·CVSS 7.5
CVE-2020-13988 [HIGH] Open-iSCSI vulnerabilities
Title: Open-iSCSI vulnerabilities
Summary: Several security issues were fixed in Open-iSCSI.
Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that
Open-iSCSI incorrectly handled certain checksums for IP packets.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-13987)
Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that
Open-iSCSI incorrectly handled certain parsing TCP MSS options.
An attacker could possibly use this issue to cause a crash or cause
unexpected behavior. (CVE-2020-13988)
Amine Amri and Stanislav Dashevskyi discovered that Open-iSCSI
incorrectly handled certain TCP data. An attacker could possibly
use this issue to expose sensitive information. (CVE-2020-17437)
Instructions: In general, a standard system update wil
CISA ICS
Siemens TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices (Update C)
cisa_ics·2021-08-10
ICS Advisory
Last Revised: February 10, 2022
Alert Code: ICSA-21-068-06
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SENTRON 3VA COM100/800, SENTRON 3VA DSP800, SENTRON PAC2200, SENTRON PAC3200T, SENTRON PAC3200, SENTRON PAC3220, SENTRON PAC4200
- Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-21-068-06 Siemens TCP/IP
Red Hat
Open-iSCSI: invalid handling of the TCP urgent data pointer
vendor_redhat·2020-12-09·CVSS 8.2
CVE-2020-17437 [HIGH] CWE-130 Open-iSCSI: invalid handling of the TCP urgent data pointer
Open-iSCSI: invalid handling of the TCP urgent data pointer
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.
Package: iscsi-initiator-utils (Red Hat Enterprise Linux 5) - Out of support scope
Package: iscsi-initiator-utils (Red Hat Enterprise Linux 6) - Out
CISA ICS
Multiple Embedded TCP/IP Stacks
cisa_ics·2020-12-09
ICS Advisory
Last Revised: December 09, 2020
Alert Code: ICSA-20-343-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Multiple (open source)
- Equipment: uIP-Contiki-OS, uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net
- Vulnerabilities: Infinite Loop, Integer Wraparound, Out-of-bounds Read, Integer Overflow, Out-of-bounds Write, Improper Input Validation, Improper Null Termination
CISA is aware of a public report, known as “AMNESIA:33” that details vulnerabilities found in mult
Debian
CVE-2020-17437: open-iscsi - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. W...
vendor_debian·2020·CVSS 8.2
CVE-2020-17437 [HIGH] CVE-2020-17437: open-iscsi - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. W...
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.
Scope: local
bookworm: resolved (fixed in 2.1.3-1)
bullseye: resolved (fixed in 2.1.3-1)
forky: resolved (fixed in 2.1.3-1)
sid: resolved (fixed in 2.1.3-1)
trixie: resolved (fixed in 2.1.3-1)
OSV
open-iscsi vulnerabilities
osv·2023-07-27·CVSS 7.5
CVE-2020-13987 [HIGH] open-iscsi vulnerabilities
open-iscsi vulnerabilities
Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that
Open-iSCSI incorrectly handled certain checksums for IP packets.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-13987)
Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that
Open-iSCSI incorrectly handled certain parsing TCP MSS options.
An attacker could possibly use this issue to cause a crash or cause
unexpected behavior. (CVE-2020-13988)
Amine Amri and Stanislav Dashevskyi discovered that Open-iSCSI
incorrectly handled certain TCP data. An attacker could possibly
use this issue to expose sensitive information. (CVE-2020-17437)
GHSA
GHSA-cfgh-w4j7-hfhp: An issue was discovered in uIP 1
ghsa_unreviewed·2022-05-24
CVE-2020-17437 [HIGH] CWE-787 GHSA-cfgh-w4j7-hfhp: An issue was discovered in uIP 1
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.
OSV
CVE-2020-17437: An issue was discovered in uIP 1
osv·2020-12-11·CVSS 8.2
CVE-2020-17437 [HIGH] CVE-2020-17437: An issue was discovered in uIP 1
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.
No detection rules found.
No public exploits indexed.
- https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
- https://www.kb.cert.org/vuls/id/815128
2020-12-11
Published