PT-2026-56474 · U-Boot · U-Boot
Vulncheck
·
Publicado
2026-07-08
·
Atualizado
2026-07-08
·
CVE-2026-29007
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp rx state machine() (net/tcp.c) when CONFIG PROT TCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attackers can send a packet with an IP total length of 40 bytes and a TCP data offset claiming 60 bytes of header to cause tcp parse options() to read 40 bytes past the end of the TCP segment, potentially corrupting connection state variables such as rmt win scale and rmt timestamp to disrupt TCP window calculations.
Correção
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
U-Boot