Out-of-bounds Read in Altran Picotcp
CVE-2020-17441
An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 c…
Vulnerability class: Buffer Overflow
EPSS: 0.071 (93.4th percentile)
CVSS v3 metric
CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H.
Affected products
- Altran Picotcp
- Microchip Mplab_harmony
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2020-17441?
  CVE-2020-17441 is a critical-severity vulnerability in Altran Picotcp, classified under Out-of-bounds Read. CVSS score: 9.1/10. Published 2020-12-11.
- How severe is CVE-2020-17441?
  Critical severity. CVSS v3 base score is 9.1 out of 10.