Unrated severity · NVD Advisory · Published Jun 17, 2020 · Updated Aug 4, 2024

CVE-2020-11902

Description

The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds read vulnerability in Treck TCP/IP stack's IPv6OverIPv4 tunneling can cause information disclosure or denial of service.

Vulnerability

CVE-2020-11902 is an out-of-bounds read vulnerability in the IPv6OverIPv4 tunneling component of the Treck TCP/IP stack, affecting versions before 6.0.1.66 [1]. The bug exists in the code that handles encapsulation of IPv6 packets within IPv4 tunnels, and can be triggered by processing a specially crafted network packet. The Treck stack is widely used in embedded systems, including industrial control and medical devices [1].

Exploitation

A remote, unauthenticated attacker can exploit this vulnerability by sending a custom-crafted network packet to a device running an affected version of the Treck stack [1][2]. No user interaction is required; the attack is launched over the network and can target the IPv6OverIPv4 tunneling functionality. The out-of-bounds read occurs when the stack incorrectly parses tunneled packet headers [1].

Impact

Successful exploitation allows the attacker to read beyond the bounds of the intended buffer, potentially leading to information disclosure (exposure of sensitive memory contents) or denial of service (crash or hang of the device) [1][2]. The impact depends on the system's build and runtime options, but the vulnerability is remotely exploitable without authentication [1][2].

Mitigation

Treck has released version 6.0.1.67 (or later), which fixes this vulnerability [1][2]. Users should update their Treck IP stack to the latest stable release. Downstream vendors that integrate the Treck stack (such as Dell and Cisco) have published advisories and patches for their affected products [3][4]. As a workaround, organizations can block anomalous IP traffic using deep packet inspection or firewall rules that drop malformed packets [1].
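The length checks such a filter would apply to IPv6-in-IPv4 traffic (IP protocol 41), as an added example: it is not Treck code and does not reproduce the defect, whose details this page does not give. The function names, verdict values, the constructed sample packet and the policy of dropping fragmented tunnel packets are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROTO_IPV6_IN_IPV4 41  /* IANA protocol number for IPv6 encapsulated in IPv4 */
#define IPV6_HDR_LEN 40        /* fixed IPv6 header size */
enum verdict { NOT_TUNNEL, TUNNEL_OK, DROP };

/* Classify one raw IPv4 datagram; cap is the number of bytes really in buf. */
enum verdict check_6in4(const uint8_t *buf, size_t cap)
{
    if (cap < 20 || (buf[0] >> 4) != 4)
        return DROP;                      /* not a complete IPv4 header */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    size_t total = ((size_t)buf[2] << 8) | buf[3];
    if (ihl < 20 || ihl > total || total > cap)
        return DROP;                      /* outer lengths disagree with the buffer */
    if (buf[9] != PROTO_IPV6_IN_IPV4)
        return NOT_TUNNEL;
    if (((buf[6] & 0x3f) | buf[7]) != 0)
        return DROP;                      /* assumed policy: no fragmented tunnel packets */
    size_t inner = total - ihl;           /* bytes the outer header says it carries */
    if (inner < IPV6_HDR_LEN)
        return DROP;                      /* too short to hold an IPv6 header */
    const uint8_t *v6 = buf + ihl;
    size_t payload = ((size_t)v6[4] << 8) | v6[5];
    if ((v6[0] >> 4) != 6 || payload > inner - IPV6_HDR_LEN)
        return DROP;                      /* inner length runs past the outer datagram */
    return TUNNEL_OK;
}

/* Constructed sample: 20-byte IPv4 header + IPv6 header, caller-chosen length fields. */
size_t build_sample(uint8_t *out, uint8_t proto, uint16_t outer_total, uint16_t inner_payload)
{
    memset(out, 0, 128);
    out[0] = 0x45;                        /* IPv4, IHL = 5 words */
    out[2] = (uint8_t)(outer_total >> 8); out[3] = (uint8_t)outer_total;
    out[8] = 64; out[9] = proto;          /* TTL, protocol */
    out[20] = 0x60;                       /* inner version = 6 */
    out[24] = (uint8_t)(inner_payload >> 8); out[25] = (uint8_t)inner_payload;
    return 128;                           /* bytes available in the buffer */
}

int main(void)
{
    uint8_t p[128];
    /* Inner header claims 200 payload bytes; the outer datagram carries only 8. */
    printf("%d\n", check_6in4(p, build_sample(p, PROTO_IPV6_IN_IPV4, 68, 200)));
    return 0;
}
```

On networks where no device is expected to terminate IPv6-in-IPv4 tunnels, dropping protocol 41 outright at the perimeter is the simpler rule.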

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

9
