CVE-2020-25108

Name of the Vulnerable Software and Affected Versions Ethernut in Nut/OS version 5.1

Description An issue was discovered in the DNS implementation where the DNS response data length is not checked, allowing it to be set to an arbitrary value from a packet. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.

Recommendations For Ethernut in Nut/OS version 5.1, consider implementing checks on the DNS response data length to prevent it from being set to arbitrary values, which could help mitigate the risk of Denial-of-Service and potential Remote Code Execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.