CVE-2020-22283
published 2021-07-22
Priority P339 high 7.5 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.37% (68.4th percentile)
A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | lwip | < lwip 2.1.3+dfsg1-1 (bookworm) | lwip 2.1.3+dfsg1-1 (bookworm) |
| lwip_project | lwip | >= 0 < 2.1.2+dfsg1-8+deb11u1 | 2.1.2+dfsg1-8+deb11u1 |
| lwip_project | lwip | >= 0 < 2.1.3+dfsg1-1 | 2.1.3+dfsg1-1 |
| lwip_project | lwip | >= 0 < 2.1.3+dfsg1-1 | 2.1.3+dfsg1-1 |
| lwip_project | lwip | >= 0 < 2.1.3+dfsg1-1 | 2.1.3+dfsg1-1 |
| ubuntu | lwip | — | — |
CVSS provenance
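| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |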
Ubuntu
lwIP vulnerabilities
vendor_ubuntu·2026-06-11·CVSS 7.5
CVE-2026-8836 [HIGH] lwIP vulnerabilities
Title: lwIP vulnerabilities
Summary: Several security issues were fixed in lwIP.
It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could possibly use this issue to trigger a buffer overflow, resulting in arbitrary code execution or a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8597)
It was discovered that lwIP incorrectly handled certain ICMPv6 or 6LoWPAN packets. An attacker could possibly use this issue to trigger a buffer overflow, resulting in information disclosure. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-22283, CVE-2020-22284)
It was discovered that lwIP did not properly validate certain SNMPv3 authentication parameters. An attacker could possibly use this issue to trigger a stack-
Debian
CVE-2020-22283: lwip - A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif(...
vendor_debian·2020·CVSS 7.5
CVE-2020-22283 [HIGH] CVE-2020-22283: lwip - A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif(...
A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.
Scope: local
bookworm: resolved (fixed in 2.1.3+dfsg1-1)
bullseye: resolved (fixed in 2.1.2+dfsg1-8+deb11u1)
forky: resolved (fixed in 2.1.3+dfsg1-1)
sid: resolved (fixed in 2.1.3+dfsg1-1)
trixie: resolved (fixed in 2.1.3+dfsg1-1)
VulDB
FSF lwIP ICMPv6 Packet icmp6_send_response_with_addrs_and_netif buffer overflow (Nessus ID 320846)
vuldb·2026-06-12·CVSS 7.5
CVE-2020-22283 [HIGH] FSF lwIP ICMPv6 Packet icmp6_send_response_with_addrs_and_netif buffer overflow (Nessus ID 320846)
A vulnerability labeled as critical has been found in FSF lwIP. This affects the function icmp6_send_response_with_addrs_and_netif of the component ICMPv6 Packet Handler. Such manipulation leads to buffer overflow.
This vulnerability is uniquely identified as CVE-2020-22283. The attack can only be initiated within the local network. No exploit exists.
GHSA
GHSA-8gr9-6mc8-jj84: A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows at
ghsa_unreviewed·2022-05-24
CVE-2020-22283 [HIGH] CWE-120 GHSA-8gr9-6mc8-jj84: A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows at
A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.
OSV
CVE-2020-22283: A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows at
osv·2021-07-22·CVSS 7.5
CVE-2020-22283 [HIGH] CVE-2020-22283: A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows at
A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-07-22