PT-2020-15686 · Contiki · Contiki-Ng+2

Published: 2020-12-11 · Updated: 2020-12-15 · CVE-2020-24334

CVSS v3.1: 8.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions

uIP versions 1.0 and earlier
Contiki versions prior to the fix
Contiki-NG versions prior to the fix

Description

The code in resolv.c that processes DNS responses in uIP does not verify that the number of responses stated in the DNS packet header matches the response data actually available in the packet. This leads to an out-of-bounds read and results in a denial of service.

Recommendations

For uIP versions 1.0 and earlier, update to a version that includes the fix for the DNS response processing issue. For Contiki and Contiki-NG, apply the necessary patches or updates to resolve the out-of-bounds read issue in the resolv.c file. As a temporary workaround, consider restricting DNS response processing until a patch is available.
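
The kind of check the description says is missing, as an added example (not code from uIP, Contiki or Contiki-NG, and not the project's fix): every record the DNS header claims is walked and confirmed to lie inside the received length before it is used. The names `skip_name` and `count_valid_answers` are hypothetical, and both sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DNS_HDR_LEN 12 /* fixed DNS header size */

/* Skip an encoded name at off; return the offset after it, or 0 on overrun. */
static size_t skip_name(const uint8_t *p, size_t len, size_t off) {
  while (off < len) {
    uint8_t n = p[off];
    if ((n & 0xC0) == 0xC0) return (len - off >= 2) ? off + 2 : 0; /* pointer */
    if (n & 0xC0) return 0;     /* reserved label type */
    if (n == 0) return off + 1; /* root label ends the name */
    off += (size_t)n + 1;       /* ordinary label */
  }
  return 0;
}

/* Hypothetical helper: answer count if all claimed records fit, else -1. */
int count_valid_answers(const uint8_t *p, size_t len) {
  if (len < DNS_HDR_LEN) return -1;
  unsigned qd = ((unsigned)p[4] << 8) | p[5]; /* QDCOUNT from header */
  unsigned an = ((unsigned)p[6] << 8) | p[7]; /* ANCOUNT from header */
  size_t off = DNS_HDR_LEN;
  for (unsigned i = 0; i < qd; i++) {
    off = skip_name(p, len, off);
    if (off == 0 || len - off < 4) return -1;  /* QTYPE + QCLASS */
    off += 4;
  }
  for (unsigned i = 0; i < an; i++) {
    off = skip_name(p, len, off);
    if (off == 0 || len - off < 10) return -1; /* TYPE, CLASS, TTL, RDLENGTH */
    size_t rdlen = ((size_t)p[off + 8] << 8) | p[off + 9];
    off += 10;
    if (len - off < rdlen) return -1;          /* RDATA must fit */
    off += rdlen;
  }
  return (int)an;
}

/* Constructed sample: one question ("a" A IN), one answer (A 192.0.2.1). */
const uint8_t sample_ok[35] = { 0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,
  1,'a',0, 0,1, 0,1,  0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1 };
/* Constructed sample: same bytes, but the header claims two answers. */
const uint8_t sample_bad[35] = { 0x12,0x34, 0x81,0x80, 0,1, 0,2, 0,0, 0,0,
  1,'a',0, 0,1, 0,1,  0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1 };

int main(void) {
  printf("ok=%d\n", count_valid_answers(sample_ok, sizeof sample_ok));
  printf("bad=%d\n", count_valid_answers(sample_bad, sizeof sample_bad));
  return 0;
}
```

A resolver would run a check like this first and drop the packet on -1, so a header count larger than the data present never drives a read past the buffer.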

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2020-24334

Affected Products

Contiki
Contiki-NG
uIP