Denial of Service Vulnerability in ICMP and ICMPv6 Parsing Functionality
CVE-2023-39541

5.9MEDIUM

Key Information:

Vendor: Silicon Labs
Status: Gecko Platform; Uc-tcp-ip
Vendor: CVE Published:; 20 February 2024

🔔 Create Silicon Labs Vulnerability Alert

What is CVE-2023-39541?

A vulnerability exists in the parsing functionality of ICMP and ICMPv6 within Weston Embedded uC-TCP-IP v3.06.01. An attacker can exploit this issue by sending a specially crafted network packet, which may result in an out-of-bounds read, ultimately leading to a denial of service. This vulnerability specifically affects the handling of IPv6 ICMPv6 packets, potentially impacting network connectivity and functionality.

Affected Version(s)

Gecko Platform 4.3.1.0

uC-TCP-IP v3.06.01

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2024
Vulnerability Reserved
Aug 3, 2023

Credit

Discovered by Francesco Benvenuto and Kelly Patterson of Cisco Talos.