PT-2020-15949 · Ethernut · Nut/Os
Published
2020-12-11
·
Updated
2020-12-15
·
CVE-2020-25107
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Nut/OS version 5.1
Description
An issue was discovered in the DNS implementation in Ethernut. There is no check on whether a domain name has '0' termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.
Recommendations
For Nut/OS version 5.1, consider implementing a check for '0' termination in domain names to prevent potential Denial-of-Service and Remote Code Execution attacks. As a temporary workaround, restrict the use of the DNS implementation in Ethernut until a patch is available.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nut/Os