9.3

CVE-2020-11901

Exploit

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TreckTcp/ip Version < 6.0.1.66
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 24.05% 0.959
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 2.2 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.jsof-tech.com/ripple20/
Third Party Advisory
Exploit
https://www.kb.cert.org/vuls/id/257161/
Third Party Advisory
US Government Resource
Mitigation
https://www.treck.com
Vendor Advisory
Product