Fabre

#991645 lwip: CVE-2020-22283 #991645

Package:: src:lwip

Source:: lwip

Submitter:: Salvatore Bonaccorso

Date:: 2022-07-06 07:45:06 UTC

Severity:: important

Tags:

#991645#5

Date:: 2021-07-29 15:23:32 UTC

From:

To:

Hi,

The following vulnerability was published for lwip.

CVE-2020-22283[0]:
| A buffer overflow vulnerability in the
| icmp6_send_response_with_addrs_and_netif() function of Free Software
| Foundation lwIP version git head allows attackers to access sensitive
| information via a crafted ICMPv6 packet.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-22283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22283
[1] https://savannah.nongnu.org/bugs/index.php?58553

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

#991645 lwip: CVE-2020-22283 #991645

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)