CVE-2020-11904

Vulnerability

The Treck TCP/IP stack before version 6.0.1.66 contains an integer overflow during memory allocation that leads to an out-of-bounds write [1]. This flaw resides in the stack's memory management routines, which are common to many embedded systems that integrate the Treck IP software [1][2]. The vulnerability is one of the Ripple20 set of 19 CVEs affecting Treck and historically-related KASAGO middleware [1].

Exploitation

An unauthenticated, remote attacker can exploit this vulnerability by sending a specially-crafted network packet to a device running the vulnerable stack [1][2]. No authentication or user interaction is required. The integer overflow causes a buffer to be allocated smaller than expected, leading to a heap-based out-of-bounds write when the attacker's data is copied into it [1].

Impact

Successful exploitation can result in a denial of service, information disclosure, or arbitrary code execution in the context of the affected device [1][2]. Because the Treck IP stack is used in diverse embedded systems, including industrial control and medical devices, the concrete impact depends on the device's build and runtime options [1]. In the worst case, an attacker could gain full control of the target system [1][2].

Mitigation

Treck released a fix in version 6.0.1.67 or later [1]. Downstream users should contact their embedded system vendor for patched firmware [1]. Network-based mitigations include blocking anomalous IP traffic via deep packet inspection; some modern switches, routers, and firewalls may drop malformed packets without additional configuration [1]. Cisco, Dell, and other vendors have issued advisories and patches for their affected products [3][4].