Multiple Embedded TCP/IP Stacks CISA
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
> 1. EXECUTIVE SUMMARY
>
> CVSS v3 9.8
> ATTENTION: Exploitable remotely/low skill level to exploit
> Vendor: Multiple (open source)
> Equipment: uIP-Contiki-OS, uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net
> Vulnerabilities: Infinite Loop, Integer Wraparound, Out-of-bounds Read, Integer Overflow, Out-of-bounds Write, Improper Input Validation, Improper Null Termination
>
> CISA is aware of a public report, known as “AMNESIA:33” that details vulnerabilities found in multiple open-source TCP/IP stacks. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
>
> The various open-source stacks may be implemented in forked repositories.
>
> 2. RISK EVALUATION
>
> Successful exploitation of these vulnerabilities could allow attackers to corrupt memory, put devices into infinite loops, access unauthorized data, and/or poison DNS cache.
>
> 3. TECHNICAL DETAILS
>
> 3.1 AFFECTED PRODUCTS
>
> The following are affected:
>
> uIP-Contiki-OS (end-of-life [EOL]), Version 3.0 and prior
> uIP-Contiki-NG, Version 4.5 and prior
> uIP (EOL), Version 1.0 and prior
> open-iscsi, Version 2.1.12 and prior
> picoTCP-NG, Version 1.7.0 and prior
> picoTCP (EOL), Version 1.7.0 and prior
> FNET, Version 4.6.3
> Nut/Net, Version 5.1 and prior
> ...
#Security