PT-2020-15034 · Apache · Apache Nuttx
Published
2020-12-09
·
Updated
2020-12-16
·
CVE-2020-17529
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apache NuttX (incubating) versions up to and including 10.0.0
Description
The issue is an Out-of-bounds Write vulnerability in the TCP Stack, allowing an attacker to corrupt memory by supplying an invalid fragmentation offset value specified in the IP header. This vulnerability only impacts builds with both CONFIG EXPERIMENTAL and CONFIG NET TCP REASSEMBLY build flags enabled.
Recommendations
For Apache NuttX (incubating) versions up to and including 10.0.0, consider disabling the TCP reassembly functionality by disabling the CONFIG NET TCP REASSEMBLY build flag as a temporary workaround until a patch is available.
Restrict access to the TCP stack to minimize the risk of exploitation.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Nuttx