Ethernut Nut Os vulnerabilities
5 known vulnerabilities affecting ethernut/nut_os.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH1
Vulnerabilities
Page 1 of 1
CVE-2020-25107P2CRITICALCVSS 9.8≤ 5.12020-12-11
CVE-2020-25107 [CRITICAL] CWE-125 CVE-2020-25107: An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on wh
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has '\0' termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.
nvd
CVE-2020-25110P2CRITICALCVSS 9.8≤ 5.12020-12-11
CVE-2020-25110 [CRITICAL] CWE-125 CVE-2020-25110: An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a do
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a domain name in a DNS query/response is not checked, and is used for internal memory operations. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.
nvd
CVE-2020-25108P2CRITICALCVSS 9.8≤ 5.12020-12-11
CVE-2020-25108 [CRITICAL] CWE-787 CVE-2020-25108: An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data l
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked (it can be set to an arbitrary value from a packet). This may lead to successful Denial-of-Service, and possibly Remote Code Execution.
nvd
CVE-2020-25109P2CRITICALCVSS 9.8≤ 5.12020-12-11
CVE-2020-25109 [CRITICAL] CWE-125 CVE-2020-25109: An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queri
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses (set in a DNS header) is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.
nvd
CVE-2020-27213P3HIGHCVSS 7.5v5.12023-10-10
CVE-2020-27213 [HIGH] CWE-330 CVE-2020-27213: An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (IS
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator s
nvd