uip project uip vulnerabilities and exploits
7.5
CVSSv3
CVE-2020-24335
An issue exists in uIP up to and including 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing a malicious user to corrupt memory with crafted DNS packets.
Uip Project Uip
8.2
CVSSv3
CVE-2020-17437
An issue exists in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal d...
Uip Project Uip
Open-iscsi Project Open-iscsi
Siemens Sentron 3va Com100 Firmware
Siemens Sentron 3va Com800 Firmware
Siemens Sentron 3va Dsp800 Firmware
Siemens Sentron Pac2200 Clp Firmware -
Siemens Sentron Pac2200 Firmware
Siemens Sentron Pac3200 Firmware
Siemens Sentron Pac3200t Firmware
Siemens Sentron Pac3220 Firmware
Siemens Sentron Pac4200 Firmware
9.8
CVSSv3
CVE-2020-17438
An issue exists in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. ...
Uip Project Uip 1.0
8.3
CVSSv3
CVE-2020-17439
An issue exists in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata() in resolv.c. Also, arbitrary DNS replies are parsed if there was any outgoing D...
Uip Project Uip 1.0
8.2
CVSSv3
CVE-2020-24334
The code that processes DNS responses in uIP up to and including 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds rea...
Uip Project Uip
7.5
CVSSv3
CVE-2020-17440
An issue exists in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\0' termination. This results in errors when calculating the offset of the pointer tha...
Uip Project Uip 1.0
7.5
CVSSv3
CVE-2020-13987
An issue exists in Contiki up to and including 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.
Uip Project Uip
Open-iscsi Project Open-iscsi
Siemens Sentron 3va Com100 Firmware
Siemens Sentron 3va Com800 Firmware
Siemens Sentron Pac3200 Firmware
Siemens Sentron Pac4200 Firmware
NA
CVE-2014-4883
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and previous versions, do not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle malicious users to conduct cache-poisoning attacks v...
Lwip Project Lwip