Out-of-bounds Read in Altran Picotcp

CVE-2020-17441

An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 c…

Vulnerability class: Buffer Overflow

EPSS: 0.071 (93.4th percentile).

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H.

Frequently asked questions

What is CVE-2020-17441?
CVE-2020-17441 is a critical-severity vulnerability in Altran Picotcp, classified under Out-of-bounds Read. CVSS score: 9.1/10. Published 2020-12-11.

How severe is CVE-2020-17441?
Critical severity. CVSS v3 base score is 9.1 out of 10.