SB2020121201 - Multiple vulnerabilities in uIP and Contiki OS

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2020-17437)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing TCP packets with Urgent flag. A remote attacker can send specially crafted traffic to the system, trigger an out-of-bounds write and execute arbitrary code on the target system.

2) Out-of-bounds write (CVE-ID: CVE-2020-17438)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing IP packets. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. A remote attacker can send specially crafted IP packets to the system, trigger an out-of-bounds write and execute arbitrary code on the target system.

3) Out-of-bounds read (CVE-ID: CVE-2020-13987)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c. A remote attacker can send specially crafted traffic to the system, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf
• https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
• https://www.kb.cert.org/vuls/id/815128