Skip to main content

Lwip

2 CVEs product

Monthly

CVE-2026-8836 CRITICAL PATCH Act Now

Stack-based buffer overflow in lwIP through 2.2.1 enables remote unauthenticated attackers to corrupt stack memory in the SNMPv3 USM handler by sending a crafted msgAuthenticationParameters field to snmp_parse_inbound_frame in src/apps/snmp/snmp_msg.c. The flaw stems from a commented-out length assertion that allowed user-controlled TLV value lengths to exceed SNMP_V3_MAX_AUTH_PARAM_LENGTH during decoding. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.3 reflects network-reachable, no-privilege, no-interaction exploitation against a library widely embedded in IoT and embedded TCP/IP stacks.

Stack Overflow Buffer Overflow Lwip
NVD VulDB GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2014-4883 MEDIUM PATCH This Month

resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Lwip
NVD
CVSS 2.0
4.3
EPSS
0.1%
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Stack-based buffer overflow in lwIP through 2.2.1 enables remote unauthenticated attackers to corrupt stack memory in the SNMPv3 USM handler by sending a crafted msgAuthenticationParameters field to snmp_parse_inbound_frame in src/apps/snmp/snmp_msg.c. The flaw stems from a commented-out length assertion that allowed user-controlled TLV value lengths to exceed SNMP_V3_MAX_AUTH_PARAM_LENGTH during decoding. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.3 reflects network-reachable, no-privilege, no-interaction exploitation against a library widely embedded in IoT and embedded TCP/IP stacks.

Stack Overflow Buffer Overflow Lwip
NVD VulDB GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Lwip
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy