QwikSec

Security Database

CVE

CWE

Training

CVE-2020-17528

Published: Dec 9, 2020

Modified: Feb 13, 2025

PUBLISHED

Description

Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet.

Vendor	Product	Versions
Apache Software Foundation	Apache NuttX (incubating)	affected `unspecified - < 9.1.1` affected `10.0.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread.html/r7f4215aba288660b41b7e731b6262c8275fa476e91e527a74d2888ea%40%3Cdev.nuttx.apache.org%3E

x_refsource_MISC

[nuttx-dev] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length

mailing-list

x_refsource_MLIST

[oss-security] 20201209 CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.