What is CVE-2020-11898?

CVE-2020-11898 is a vulnerability in N/a. Published 2020-06-17.

Is CVE-2020-11898 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-11898

The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.

EPSS: 0.580 (98.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

www.kb.cert.org/vuls/id/257161/ (x_refsource_MISC)
www.treck.com (x_refsource_MISC)
jsof-tech.com/vulnerability-disclosure-policy/ (x_refsource_MISC)
VU#257161 (third-party-advisory, x_refsource_CERT-VN)
www.jsof-tech.com/ripple20/ (x_refsource_MISC)
20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020 (vendor-advisory, x_refsource_CISCO)
www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt (x_refsource_CONFIRM)
security.netapp.com/advisory/ntap-20200625-0006/ (x_refsource_CONFIRM)
support.hpe.com/hpesc/public/docDisplay (x_refsource_MISC)
www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vuln… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-11898?: CVE-2020-11898 is a vulnerability in N/a. Published 2020-06-17.
Is CVE-2020-11898 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.