Fabre

#991646 lwip: CVE-2020-22284 #991646

Package:: src:lwip

Source:: lwip

Submitter:: Salvatore Bonaccorso

Date:: 2022-07-06 07:45:08 UTC

Severity:: important

Tags:

#991646#5

Date:: 2021-07-29 15:25:56 UTC

From:

To:

Hi,

The following vulnerability was published for lwip.

CVE-2020-22284[0]:
| A buffer overflow vulnerability in the zepif_linkoutput() function of
| Free Software Foundation lwIP git head version and version 2.1.2
| allows attackers to access sensitive information via a crafted 6LoWPAN
| packet.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-22284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22284
[1] https://savannah.nongnu.org/bugs/index.php?58554

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

#991646#14

Date:: 2022-07-06 07:40:37 UTC

From:

To:

# bug were not closed with the 2.1.3 upload
close 991645 2.1.3+dfsg1-1
close 991646 2.1.3+dfsg1-1
thanks

#991646 lwip: CVE-2020-22284 #991646

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)