PT-2021-6541 · Lwip · Lwip

Silentdawn · Published 2021-07-22 · Updated 2021-07-29 · CVE-2020-22284

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

lwIP versions 2.1.2 and git head version

Description

A buffer overflow vulnerability in the zepif_linkoutput() function allows attackers to access sensitive information via a crafted 6LoWPAN packet. The issue is related to the lack of input validation during buffer copying, enabling a remote attacker to exploit the vulnerability and gain access to confidential data.

Recommendations

For lwIP version 2.1.2, consider disabling the zepif_linkoutput() function until a patch is available. For lwIP git head version, consider disabling the zepif_linkoutput() function until a patch is available. As a temporary workaround, restrict the use of crafted 6LoWPAN packets to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-01802
CVE-2020-22284

Affected Products

Lwip