RSS   Podatności dla 'LWIP'   RSS

2021-07-22
 
CVE-2020-22284

CWE-120
 

 
A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet.

 
2014-11-27
 
CVE-2014-4883

CWE-345
 

 
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.

 


Copyright 2021, cxsecurity.com

 

Back to Top