Home > Vulnerability Database > CVE-2020-17441

Mend.io Vulnerability Database

CVE-2020-17441

Date: December 11, 2020

An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c).

Language: C

Severity Score

9.1

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-17441

Url: https://www.kb.cert.org/vuls/id/815128

Url: https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01

Url: https://www.mend.io/vulnerability-database/CVE-2020-17441

Severity Score

9.1

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	6.4
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-17441

Date: December 11, 2020

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?