An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually causing Denial-of-Service or an information leak.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HAltran Picotcp
APPAltran≤ 1.7.0Altran Picotcp Ng
APPAltran≤ 1.7.0
Related vulnerabilities
Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in f...
An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression functionality in pi...
An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether t...
picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial ...
Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer...