QwikSec

Security Database

CVE

CWE

Training

CVE-2020-17529

Published: Dec 9, 2020

Modified: Feb 13, 2025

PUBLISHED

Description

Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.

Vendor	Product	Versions
Apache Software Foundation	Apache NuttX (incubating)	affected `unspecified - <= 9.1.0` affected `10.0.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread.html/r4d71ae3ab96b589835b94ba7ac4cb88a704e7307bceefeab749366f3%40%3Cdev.nuttx.apache.org%3E

x_refsource_MISC

[nuttx-dev] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header

mailing-list

x_refsource_MLIST

[oss-security] 20201209 CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.