Picotcp
CVE-2017-1000210
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack
AnalysisAI
picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack Affected products include: Altran Picotcp.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow
An issue was discovered in picoTCP through 1.7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated critical severity (CVSS 9.1), this vulnerability
An issue was discovered in picoTCP 1.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessin
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of a
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero). Rated high
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performin
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is r
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is r
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is r
An issue was discovered in picoTCP 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today