Vulnerability Description
Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Nuttx | <= 9.1.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2020/12/09/4Mailing ListThird Party Advisory
- https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91Mailing ListVendor Advisory
- https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91Mailing ListVendor Advisory
- http://www.openwall.com/lists/oss-security/2020/12/09/4Mailing ListThird Party Advisory
- https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91Mailing ListVendor Advisory
- https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91Mailing ListVendor Advisory
FAQ
What is CVE-2020-17528?
CVE-2020-17528 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer o...
How severe is CVE-2020-17528?
CVE-2020-17528 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-17528?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Nuttx.