CVE-2020-22283

Name of the Vulnerable Software and Affected Versions lwIP version git head

Description A buffer overflow vulnerability in the icmp6 send response with addrs and netif() function allows attackers to access sensitive information via a crafted ICMPv6 packet. The issue is related to the copying of a buffer without checking the input data, which can be exploited by a remote attacker to gain access to confidential data.

Recommendations As a temporary workaround, consider disabling the icmp6 send response with addrs and netif() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.