High
ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network.
The total length of a UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including information leaks, depending on a user-defined application that runs on top of the UDP protocol.
The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including information leaks and denial-of-service conditions, depending on the network buffer organization in memory.
When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to denial-of-service conditions.
The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to denial-of-service conditions.
When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to denial-of-service conditions.
The DHCP client application assumes the data supplied with the “Hostname” DHCP option is NULL-terminated. In cases when the global hostname variable is not defined, this may lead to out-of-bounds reads, writes, and denial-of-service conditions.
The TFTP server application allows reading the contents of the TFTP memory buffer by sending malformed TFTP commands.
The FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.
The FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.
The FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.
Malformed TCP packets with a corrupted SACK option lead to denial-of-service conditions.
The total length of a TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including denial-of-service conditions, depending on the network buffer organization in memory.
Refer to the CISA advisory for the patch, upgrade, or suggested workaround information.
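
The DHCP entries above share one root cause: option lengths taken from the packet are trusted. The following is an added example (not code from the advisory or the affected product) of a bounds-checked option parser; the names `dhcp_info` and `parse_dhcp_options` are hypothetical, and mapping the "Vendor option" to RFC 2132 option 43 is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { OPT_PAD = 0, OPT_DNS = 6, OPT_HOSTNAME = 12, OPT_VENDOR = 43,
       OPT_END = 255, MAX_DNS = 4, HOSTNAME_MAX = 64 };

struct dhcp_info {                  /* hypothetical result structure */
    uint8_t        dns[MAX_DNS][4]; /* DNS server addresses (option 0x06) */
    size_t         dns_count;
    char           hostname[HOSTNAME_MAX]; /* always NUL-terminated here */
    const uint8_t *vendor;          /* points into the caller's buffer */
    size_t         vendor_len;
};

/* Parse the options area that follows the DHCP magic cookie.
 * Returns 0 on success, -1 if any option is malformed or END is missing. */
int parse_dhcp_options(const uint8_t *opt, size_t len, struct dhcp_info *out)
{
    size_t i = 0;
    memset(out, 0, sizeof *out);
    while (i < len) {
        uint8_t code = opt[i++];
        if (code == OPT_PAD) continue;      /* PAD has no length byte */
        if (code == OPT_END) return 0;
        if (i >= len) return -1;            /* length byte is missing */
        size_t olen = opt[i++];
        if (olen > len - i) return -1;      /* data would run past the buffer */
        const uint8_t *data = opt + i;
        switch (code) {
        case OPT_DNS:                       /* must be a list of IPv4 addresses */
            if (olen == 0 || olen % 4 != 0) return -1;
            for (size_t k = 0; k < olen / 4 && out->dns_count < MAX_DNS; k++)
                memcpy(out->dns[out->dns_count++], data + 4 * k, 4);
            break;
        case OPT_HOSTNAME:                  /* wire data is not NUL-terminated */
            if (olen == 0 || olen >= HOSTNAME_MAX) return -1;
            memcpy(out->hostname, data, olen);
            out->hostname[olen] = '\0';
            break;
        case OPT_VENDOR:                    /* keep pointer plus checked length */
            out->vendor = data;
            out->vendor_len = olen;
            break;
        default:
            break;                          /* unknown option: skip by length */
        }
        i += olen;
    }
    return -1;                              /* strict: END option never seen */
}
```
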