Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-22283

Опубликовано: 22 июл. 2021
Источник: debian
EPSS Низкий

Описание

A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
lwipfixed2.1.3+dfsg1-1package
lwipfixed2.1.2+dfsg1-8+deb11u1bullseyepackage

Примечания

  • https://savannah.nongnu.org/bugs/index.php?58553

  • Pre-requisite: http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=d843e47a1d65451bd7f7aaa5017b408bd108be88 (master)

  • Fixed by: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=489405839ae0fea8b99c4896f632eb688dc8a19a (master)

  • Fixed by: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=488d4ad2460c3b41bef69724cad89c28a905eda9 (master)

  • Pre-requisite: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=8f5a0aaacb8d88f65780cb87f14d4cff7c47c44e (STABLE-2_1_3_RC1)

  • Fixed by: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=6ffe30d9ba394e25844019e19ade4dc28d76f65d (STABLE-2_1_3_RC1)

  • Fixed by: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=ecd6009a5e64c98eb91df666b86b1ce7715675be (STABLE-2_1_3_RC1)

EPSS

Процентиль: 59%
0.00374
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-22283

CVSS3: 7.5
ubuntu
больше 4 лет назад

A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.

nvd логотип

CVE-2020-22283

CVSS3: 7.5
nvd
больше 4 лет назад

A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.

github логотип

GHSA-8gr9-6mc8-jj84

CVSS3: 7.5
github
больше 3 лет назад

A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.

fstec логотип

BDU:2022-02096

CVSS3: 7.5
fstec
больше 4 лет назад

Уязвимость функции icmp6_send_response_with_addrs_and_netif() реализации набора протоколов TCP/IP lwIP, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 59%
0.00374
Низкий