CVE-2020-25110

Name of the Vulnerable Software and Affected Versions Ethernut in Nut/OS version 5.1

Description An issue in the DNS implementation may lead to successful Denial-of-Service, and possibly Remote Code Execution, due to the length byte of a domain name in a DNS query/response not being checked and being used for internal memory operations.

Recommendations For Ethernut in Nut/OS version 5.1, consider implementing checks on the length byte of domain names in DNS queries/responses to prevent potential Denial-of-Service and Remote Code Execution attacks. As a temporary workaround, restrict DNS query/response handling to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.