CVE-2020-11901 : The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.

Published 2020-06-17 11:15:10

Updated 2021-07-21 11:39:24

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2020-11901

Treck » Tcp/ip
Versions before (<) 6.0.1.66
cpe:2.3:a:treck:tcp\/ip:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

30.99%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.0	CRITICAL	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	2.2	6.0	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)
CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

Assigned by: nvd@nist.gov (Primary)
CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Assigned by: nvd@nist.gov (Primary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

Jump to