PT-2020-6856 · Contiki+5 · Contiki+5

Published

2020-12-01

Updated

2024-06-15

CVE-2020-13988

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Contiki versions through 3.0

Description The issue is related to an integer overflow in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in the uip process function in net/ipv4/uip.c. This can be exploited by a remote attacker to cause a denial of service.

Recommendations For Contiki versions through 3.0, consider disabling the uip process function in net/ipv4/uip.c as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2021-4852

BDU:2023-01682

CVE-2020-13988

OPENSUSE-SU-2024:11112-1

SUSE-RU-2021:1517-1

SUSE-SU-2021:0663-1

SUSE-SU-2021:1164-1

SUSE-SU-2022:2806-1

USN-6259-1

Affected Products

Alt Linux

Astra Linux

Contiki

Linuxmint

Suse

Ubuntu

PT-2020-6856 · Contiki+5 · Contiki+5

CVE-2020-13988

Weakness Enumeration

Related Identifiers

Affected Products

References · 41