Vulnerability Description
An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Butok | Fnet | <= 4.6.4 |
Related Weaknesses (CWE)
References
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01Third Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/815128Third Party AdvisoryUS Government Resource
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01Third Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/815128Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-24383?
CVE-2020-24383 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\0' termination of the resource record name string, leading to an out-...
How severe is CVE-2020-24383?
CVE-2020-24383 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-24383?
Check the references section above for vendor advisories and patch information. Affected products include: Butok Fnet.