Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Multiple Embedded TCP/IP 缓冲区错误漏洞
Vulnerability Description
Multiple Embedded TCP/IP是一种高效的嵌入式堆栈,使用可验证的流程开发并严格符合 MISRA 编码标准。 Multiple Embedded TCP/IP 存在缓冲区错误漏洞,该漏洞源于不对紧急数据指针的值进行完整性检查,从而允许攻击者通过在TCP数据包内提供任意紧急数据指针偏移来破坏内存。
CVSS Information
N/A
Vulnerability Type
N/A