CVE-2020-24338

Name of the Vulnerable Software and Affected Versions picoTCP versions through 1.7.0

Description An issue was discovered in the DNS domain name record decompression functionality in pico dns decompress name() in pico dns common.c. This issue does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds writes that lead to Denial-of-Service and Remote Code Execution.

Recommendations For picoTCP versions through 1.7.0, consider disabling the pico dns decompress name() function until a patch is available to prevent out-of-bounds writes and potential Remote Code Execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.