MidnightBSD

Advisories for open-iscsi_project

CVE-2017-17840 MEDIUM

An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
open-iscsi_project open-iscsi *

CVE-2020-13987 MEDIUM

An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
siemens sentron_3va_com100_firmware *
siemens sentron_pac4200_firmware *
siemens sentron_pac3200_firmware *
open-iscsi_project open-iscsi *
uip_project uip *
siemens sentron_3va_com800_firmware *

CVE-2020-17437 MEDIUM

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787

Products Affected

Vendor Product Version
siemens sentron_3va_com100_firmware *
siemens sentron_pac3200t_firmware *
siemens sentron_pac4200_firmware *
siemens sentron_pac3220_firmware *
siemens sentron_pac3200_firmware *
open-iscsi_project open-iscsi *
uip_project uip *
siemens sentron_pac2200_firmware *
siemens sentron_3va_dsp800_firmware *
siemens sentron_3va_com800_firmware *
siemens sentron_pac2200_clp_firmware -