CVE-2020-17440

EPSS 0.45%
Published 11.12.2020 23:15:13
Last modified 21.11.2024 05:08:07
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\0' termination. This results in errors when calculating the offset of the pointer that jumps over domain name bytes in DNS response packets when a name lacks this termination, and eventually leads to dereferencing the pointer at an invalid/arbitrary address, within newdata() and parse_name() in resolv.c.

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Uip Project ≫ Uip Version1.0

Contiki-os ≫ Contiki Version3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.45%	0.606

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01

Third Party Advisory

US Government Resource

https://www.kb.cert.org/vuls/id/815128

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-17440

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-17440

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-17440

EUVD