CVE-2020-13988
Summary
| CVE | CVE-2020-13988 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-12-11 22:15:00 UTC |
|---|
| Updated | 2020-12-16 18:44:00 UTC |
|---|
| Description | An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Operating System |
Contiki-ng |
Contiki-ng |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| VU#815128 - Embedded TCP/IP stacks have memory corruption vulnerabilities |
MISC |
www.kb.cert.org |
Third Party Advisory, US Government Resource |
| Multiple Embedded TCP/IP Stacks | CISA |
MISC |
us-cert.cisa.gov |
Third Party Advisory, US Government Resource |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 174892 SUSE Enterprise Linux Security Update for open-iscsi (SUSE-SU-2021:1164-1)
- 199622 Ubuntu Security Notification for Open-iSCSI Vulnerabilities (USN-6259-1)
- 670184 EulerOS Security Update for iscsi-initiator-utils (EulerOS-SA-2021-1683)
