CVE-2020-17529

CWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICAL
EPSS
1.4%
top 19.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache Nuttx (incubating)Apache Nuttx
Timeline
PublishedDec 9
Latest updateMay 24

Description

Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5apache_software_foundation/apache_nuttx_(incubating)unspecified9.1.0+1
NVDapache/nuttx9.1.0+1

🔴Vulnerability Details

2
GHSA
GHSA-5jrc-q622-h2ww: Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 92022-05-24
CVEList
Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header2020-12-09
CVE-2020-17529 (CRITICAL CVSS 9.8) | Out-of-bounds Write vulnerability i | cvebase.io