CVE-2020-11899

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

Basic Information

CVE State: PUBLISHED
Reserved Date: April 19, 2020
Published Date: June 17, 2020
Last Updated: February 04, 2025
Vendor: n/a
Product: n/a
Description: The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
Tags

CVSS Scores

CVSS v3.1

5.4 - MEDIUM

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CVSS v2.0

4.8

Vector: AV:A/AC:L/Au:N/C:N/I:P/A:P

SSVC Information

Exploitation: active
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2022-03-03 00:00:00 UTC) Source

References

https://cwe.mitre.org/data/definitions/125.html https://www.kb.cert.org/vuls/id/257161/ https://www.treck.com https://jsof-tech.com/vulnerability-disclosure-policy/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html https://www.kb.cert.org/vuls/id/257161 https://www.jsof-tech.com/ripple20/ https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt https://security.netapp.com/advisory/ntap-20200625-0006/ https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-03 00:00:00 UTC

Timeline

CVE ID Reserved

April 19, 2020
CVE Published to Public

June 17, 2020
Added to KEVIntel

March 03, 2022