{"id": "CVE-2020-17442", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-12-11T23:15:13.323", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://www.kb.cert.org/vuls/id/815128", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kb.cert.org/vuls/id/815128", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in picoTCP 1.7.0. The code for parsing the hop-by-hop IPv6 extension headers does not validate the bounds of the extension header length value, which may result in Integer Wraparound. Therefore, a crafted extension header length value may cause Denial-of-Service because it affects the loop in which the extension headers are parsed in pico_ipv6_process_hopbyhop() in pico_ipv6.c."}, {"lang": "es", "value": "Se detect\u00f3 un problema en picoTCP versi\u00f3n 1.7.0. El c\u00f3digo para analizar los encabezados de extensi\u00f3n IPv6 hop-by-hop no comprueba los l\u00edmites del valor de longitud del encabezado de extensi\u00f3n, lo que puede resultar en un ajuste integral. Por lo tanto, un valor de longitud de encabezado de extensi\u00f3n dise\u00f1ado puede causar Denegaci\u00f3n de Servicio porque afecta el bucle en el que se analizan los encabezados de extensi\u00f3n en la funci\u00f3n pico_ipv6_process_hopbyhop() en el archivo pico_ipv6.c"}], "lastModified": "2024-11-21T05:08:07.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:altran:picotcp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEB4123E-EE54-4991-9011-42FD1FC83662", "versionEndIncluding": "1.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}