Skip to main content

Picotcp CVE-2023-30463

HIGH
Integer Overflow or Wraparound (CWE-190)
2023-04-19 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 19, 2023 - 12:15 nvd
HIGH 7.5

DescriptionNVD

Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support in which a packet size greater than 65495 may occur.

AnalysisAI

Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support in which a packet size greater than 65495 may occur. Affected products include: Altran Picotcp. Version information: through 1.7.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2017-1000210 CRITICAL
9.8 Nov 17

picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service

CVE-2020-24338 CRITICAL
9.8 Dec 11

An issue was discovered in picoTCP through 1.7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp

CVE-2020-24341 CRITICAL
9.1 Dec 11

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated critical severity (CVSS 9.1), this vulnerability

CVE-2020-17441 CRITICAL
9.1 Dec 11

An issue was discovered in picoTCP 1.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable

CVE-2023-35849 HIGH
7.5 Jun 19

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessin

CVE-2023-35848 HIGH
7.5 Jun 19

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of a

CVE-2023-35847 HIGH
7.5 Jun 19

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero). Rated high

CVE-2023-35846 HIGH
7.5 Jun 19

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performin

CVE-2020-24340 HIGH
7.5 Dec 11

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is r

CVE-2020-24339 HIGH
7.5 Dec 11

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is r

CVE-2020-24337 HIGH
7.5 Dec 11

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is r

CVE-2020-17445 HIGH
7.5 Dec 11

An issue was discovered in picoTCP 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no

Share

CVE-2023-30463 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy