CVE-2020-11901

nvd nist

Published: Jun 17, 2020Modified: Nov 21, 2024

9.0

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 6.0

Source: NVD

Description

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.

Affected (1)

Products: Treck: Tcp/ip

Treck

1 product

Tcp/ip

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Treck Tcp/ip	Before 6.0.1.66

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-131

Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

CWE-330

Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (16)

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt

Source: cve@mitre.org

https://jsof-tech.com/vulnerability-disclosure-policy/

Source: cve@mitre.org

Third Party Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC

Source: cve@mitre.org

Third Party Advisory

https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities

Source: cve@mitre.org

https://www.jsof-tech.com/ripple20/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.kb.cert.org/vuls/id/257161

Source: cve@mitre.org

https://www.kb.cert.org/vuls/id/257161/

Source: cve@mitre.org

MitigationThird Party AdvisoryUS Government Resource

https://www.treck.com

Source: cve@mitre.org

ProductVendor Advisory

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt