CVE-2023-30463

Name of the Vulnerable Software and Affected Versions Altran picoTCP versions through 1.7.0

Description The issue is caused by an integer overflow in pico ipv6 alloc when processing large ICMPv6 packets, leading to memory corruption and subsequent denial of service. This affects installations with Ethernet support where a packet size greater than 65495 may occur.

Recommendations For versions through 1.7.0, consider disabling Ethernet support or restricting packet sizes to prevent exploitation until a patch is available. As a temporary workaround, limit the size of ICMPv6 packets to minimize the risk of memory corruption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.