CVE-2020-17528Out-of-bounds Write in Software Foundation Apache Nuttx

CWE-787Out-of-bounds Write3 documents3 sources
Severity
9.1CRITICALNVD
EPSS
1.7%
top 17.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache NuttxApache Nuttx
Timeline
PublishedDec 9
Latest updateMay 24

Description

Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

CVEListV5apache_software_foundation/apache_nuttxunspecified9.1.1+1
NVDapache/nuttx9.1.0+1

🔴Vulnerability Details

2
GHSA
GHSA-36mq-qwm2-6rpp: Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 92022-05-24
CVEList
Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length2020-12-09
CVE-2020-17528 — Out-of-bounds Write | cvebase