CVE-2020-17437
published 2020-12-11

Priority: P344 high
CVSS 3.1: 8.2
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:H
EPSS: 2.75% (84.4th percentile)

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.
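
The arithmetic described above, as an added example that is not uIP's own code: a minimal model of the offset and length adjustment, unchecked and then with a bounds check. The `struct segment` type, the function names and the sample values are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: where the payload of a received TCP segment sits
 * inside a fixed global packet buffer, and how long it is. */
struct segment {
    size_t   data_off;  /* offset of the payload start within the buffer */
    uint16_t data_len;  /* payload bytes actually received */
};

/* Read the 16-bit Urgent pointer from its two network-order header bytes. */
static uint16_t read_urgp(const uint8_t urgp[2]) {
    return (uint16_t)((urgp[0] << 8) | urgp[1]);
}

/* Unchecked form: offset and length are adjusted by the Urgent pointer
 * without comparing it to the payload length. */
static void skip_urgent_unchecked(struct segment *s, const uint8_t urgp[2]) {
    uint16_t u = read_urgp(urgp);
    s->data_off += u;                           /* may pass the buffer end */
    s->data_len = (uint16_t)(s->data_len - u);  /* wraps when u > data_len */
}

/* Checked form: returns 0 on success, -1 if the segment should be dropped.
 * The segment is left untouched on failure. */
static int skip_urgent_checked(struct segment *s, const uint8_t urgp[2]) {
    uint16_t u = read_urgp(urgp);
    if (u > s->data_len) {
        return -1;  /* Urgent pointer claims more data than was received */
    }
    s->data_off += u;
    s->data_len = (uint16_t)(s->data_len - u);
    return 0;
}

int main(void) {
    const uint8_t big[2] = { 0xFF, 0xF0 };  /* constructed sample: 65520 */
    struct segment a = { 40, 10 }, b = { 40, 10 };
    skip_urgent_unchecked(&a, big);
    printf("unchecked: off=%zu len=%u\n", a.data_off, (unsigned)a.data_len);
    printf("checked:   rc=%d off=%zu len=%u\n",
           skip_urgent_checked(&b, big), b.data_off, (unsigned)b.data_len);
    return 0;
}
```

With a 10-byte payload and an Urgent pointer of 65520, the unchecked form yields an offset far past any packet buffer and a wrapped, non-zero length, which is why the comparison has to happen before either value is updated.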

Affected

18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | open-iscsi | < open-iscsi 2.1.3-1 (bookworm) | open-iscsi 2.1.3-1 (bookworm) |
| open-iscsi_project | open-iscsi | <= 2.1.7 | |
| open-iscsi_project | open-iscsi | >= 0 < 2.1.3-1 | 2.1.3-1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.1.3-1 | 2.1.3-1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.1.3-1 | 2.1.3-1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.1.3-1 | 2.1.3-1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.0.874-7.1ubuntu6.4 | 2.0.874-7.1ubuntu6.4 |
| open-iscsi_project | open-iscsi | >= 0 < 2.0.873+git0.3b4b4500-14ubuntu3.7+esm1 | 2.0.873+git0.3b4b4500-14ubuntu3.7+esm1 |
| open-iscsi_project | open-iscsi | >= 0 < 2.0.874-5ubuntu2.11+esm1 | 2.0.874-5ubuntu2.11+esm1 |
| siemens | sentron_3va_com100_firmware | < 4.4.1 | 4.4.1 |
| siemens | sentron_3va_com800_firmware | < 4.4.1 | 4.4.1 |
| siemens | sentron_3va_dsp800_firmware | < 4.0 | 4.0 |
| siemens | sentron_pac2200_firmware | < 3.2.2 | 3.2.2 |
| siemens | sentron_pac3200_firmware | < 2.4.7 | 2.4.7 |
| siemens | sentron_pac3200t_firmware | < 3.2.2 | 3.2.2 |
| siemens | sentron_pac3220_firmware | < 3.2.0 | 3.2.0 |
| siemens | sentron_pac4200_firmware | < 2.3.0 | 2.3.0 |
| uip_project | uip | <= 1.0 | |

CVSS provenance

nvd v3.1: 8.2 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
nvd v2.0: 6.4 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:P
osv: 8.2 HIGH
vendor_debian: 8.2 HIGH
vendor_redhat: 8.2 HIGH
vendor_ubuntu: 7.5 HIGH