CVE-2020-11899
CVE-2020-11899
In short
A flaw in the Treck TCP/IP stack allows reading memory beyond intended boundaries when processing IPv6 packets, potentially exposing sensitive data from the system.
Technical detail
An out-of-bounds read vulnerability exists in Treck TCP/IP stack versions prior to 6.0.1.66 during IPv6 packet processing. An attacker can send specially crafted IPv6 packets to trigger memory access beyond allocated buffers, leading to information disclosure of adjacent memory regions.
Summary generated and translated by AI from the official description.
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://cwe.mitre.org/data/definitions/125.htmlhttps://jsof-tech.com/vulnerability-disclosure-policy/https://security.netapp.com/advisory/ntap-20200625-0006/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyChttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11899https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilitieshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.htmlhttps://www.jsof-tech.com/ripple20/https://www.kb.cert.org/vuls/id/257161https://www.kb.cert.org/vuls/id/257161/https://www.treck.comhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt