CVE-2020-17437

Published: 01 December 2020

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer in uip_process in uip.c can point to memory far beyond the data buffer.
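
The missing check described above, as a simplified stand-alone model. This is an added example, not code from uIP, Contiki or open-iscsi; the struct, the function names and the drop-on-invalid policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TCP_URG 0x20               /* URG bit in the TCP flags byte */

/* Hypothetical model of a received segment (not uIP's own structures). */
struct seg {
    uint8_t  flags;                /* TCP flags */
    uint8_t  urgp[2];              /* Urgent pointer, network byte order */
    uint16_t len;                  /* payload bytes actually in the buffer */
    uint32_t data_off;             /* offset of the payload in the buffer */
};

static uint16_t urg_value(const struct seg *s)
{
    return (uint16_t)((s->urgp[0] << 8) | s->urgp[1]);
}

/* Pattern from the advisory: the Urgent pointer is used without a check. */
static void skip_urgent_unchecked(struct seg *s)
{
    if (s->flags & TCP_URG) {
        uint16_t urg = urg_value(s);
        s->data_off += urg;                 /* can pass the end of the payload */
        s->len = (uint16_t)(s->len - urg);  /* wraps around when urg > len */
    }
}

/* Checked form: returns 0 on success, -1 if the segment should be dropped. */
static int skip_urgent_checked(struct seg *s)
{
    if (s->flags & TCP_URG) {
        uint16_t urg = urg_value(s);
        if (urg > s->len)
            return -1;                      /* offset exceeds received data */
        s->data_off += urg;
        s->len = (uint16_t)(s->len - urg);
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: 20 payload bytes at offset 40, urgent ptr 0xfff0 */
    struct seg a = { TCP_URG, { 0xff, 0xf0 }, 20, 40 }, b = a;
    skip_urgent_unchecked(&a);
    printf("unchecked: off=%u len=%u\n", (unsigned)a.data_off, (unsigned)a.len);
    printf("checked: rc=%d off=%u\n", skip_urgent_checked(&b), (unsigned)b.data_off);
    return 0;
}
```

In the unchecked form both the offset and the remaining length become invalid at once, so any later length-based check on the payload no longer protects the buffer.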

Priority

Low

CVSS 3 base score: 8.2

Status

Package: open-iscsi (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (2.1.3)
Ubuntu 21.10 (Impish Indri): Released (2.1.3-1ubuntu1)
Ubuntu 21.04 (Hirsute Hippo): Released (2.1.3-1ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa): Needed
Ubuntu 18.04 LTS (Bionic Beaver): Needed
Ubuntu 16.04 ESM (Xenial Xerus): Needed
Ubuntu 14.04 ESM (Trusty Tahr): Needed

Patches:
Upstream: https://github.com/open-iscsi/open-iscsi/commit/d63ce0d64c5abe9f285f14ce394660bfb9a16538

Notes

Author: sbeattie
aka FSCT-2020-0018
issue in embedded copy of uIP

Author: mdeslaur
per upstream "iscsiuio only uses uip for network "services", such as DHCP, ARP, etc, and not for normal TCP/IP communications"
