cvebase

Treck TCP/IP vulnerabilities

21 known vulnerabilities affecting treck/tcp_ip.

Total CVEs: 21
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 3
Severity breakdown: CRITICAL 5, HIGH 3, MEDIUM 13

Vulnerabilities

Page 1 of 2
CVE-2020-11899 | P2 | MEDIUM | CVSS 5.4 | KEV | fixed in 6.0.1.66 | 2020-06-17
CWE-125: The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
nvd
CVE-2020-11900 | P2 | HIGH | CVSS 8.2 | Exploited | fixed in 6.0.1.41 | 2020-06-17
CWE-415: The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.
nvd
CVE-2020-11896 | P2 | CRITICAL | CVSS 10.0 | fixed in 6.0.1.66 | 2020-06-17
CWE-119: The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.
nvd
CVE-2020-11910 | P3 | MEDIUM | CVSS 5.3 | Exploited | fixed in 6.0.1.66 | 2020-06-17
CWE-125: The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.
nvd
CVE-2020-11901 | P2 | CRITICAL | CVSS 9.0 | fixed in 6.0.1.66 | 2020-06-17
CWE-125: The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.
nvd
CVE-2020-11898 | P2 | CRITICAL | CVSS 9.1 | fixed in 6.0.1.66 | 2020-06-17
CWE-119: The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.
nvd
CVE-2020-11897 | P3 | CRITICAL | CVSS 10.0 | fixed in 5.0.1.35 | 2020-06-17
CWE-787: The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.
nvd
CVE-2020-25066 | P3 | CRITICAL | CVSS 9.8 | fixed in 6.0.1.68 | 2020-12-22
CWE-787: A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code.
nvd
CVE-2020-11902 | P3 | HIGH | CVSS 7.3 | fixed in 6.0.1.66 | 2020-06-17
CWE-125: The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.
nvd
CVE-2020-10136 | P3 | MEDIUM | CVSS 5.3 | fixed in 6.0.1.67 | 2020-06-02
CWE-290: IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
nvd
CVE-2020-11904 | P3 | HIGH | CVSS 7.3 | fixed in 6.0.1.66 | 2020-06-17
CWE-190: The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write.
nvd
CVE-2020-11911 | P4 | MEDIUM | CVSS 5.3 | fixed in 6.0.1.66 | 2020-06-17
CWE-732: The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.
nvd
CVE-2020-11907 | P4 | MEDIUM | CVSS 6.3 | fixed in 6.0.1.66 | 2020-06-17
The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP.
nvd
CVE-2020-11905 | P4 | MEDIUM | CVSS 6.5 | fixed in 6.0.1.66 | 2020-06-17
CWE-125: The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.
nvd
CVE-2020-11903 | P4 | MEDIUM | CVSS 6.5 | fixed in 6.0.1.28 | 2020-06-17
CWE-125: The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.
nvd
CVE-2020-11912 | P4 | MEDIUM | CVSS 5.3 | fixed in 6.0.1.66 | 2020-06-17
CWE-125: The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.
nvd
CVE-2020-11909 | P4 | MEDIUM | CVSS 5.3 | fixed in 6.0.1.66 | 2020-06-17
CWE-191: The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.
nvd
CVE-2020-11906 | P4 | MEDIUM | CVSS 6.3 | fixed in 6.0.1.66 | 2020-06-17
CWE-191: The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.
nvd
CVE-2020-11913 | P4 | MEDIUM | CVSS 5.3 | fixed in 6.0.1.66 | 2020-06-17
CWE-125: The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
nvd
CVE-2020-11908 | P4 | MEDIUM | CVSS 4.3 | fixed in 4.7.1.27 | 2020-06-17
The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP.
nvd