Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length
CVE-2020-17528
9.1 CRITICAL
Summary
An out-of-bounds write vulnerability in the TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows an attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets, including offsets beyond the length of the packet.
Affected Version(s)
Apache NuttX (incubating) < 9.1.1
Apache NuttX (incubating) 10.0.0
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Apache NuttX would like to thank Forescout for reporting the issue.