CVE-2020-11905
Description
The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds read vulnerability in the Treck TCP/IP stack's DHCPv6 component can leak memory contents to a remote attacker.
Vulnerability
CVE-2020-11905 is an out-of-bounds read vulnerability in the DHCPv6 component of the Treck TCP/IP stack before version 6.0.1.66 [1][2][3]. The bug exists in the stack's handling of specially crafted DHCPv6 messages, where the code fails to properly validate length fields before reading packet data, leading to a read beyond the allocated buffer boundary.
Exploitation
An attacker can trigger the vulnerability by sending a crafted DHCPv6 packet to a device running an affected version of the Treck stack [2][3]. No authentication is required, and the attacker only needs network access to send the malicious packet. The out-of-bounds read occurs during parsing of the DHCPv6 message, before the offending length field has been validated.
Impact
A successful out-of-bounds read can cause a system crash (denial of service) or leak sensitive memory contents to the attacker [2][3]. The exact impact depends on the specific memory layout and what data resides adjacent to the parsed DHCPv6 buffer. In some configurations, this could lead to information disclosure about the device or its operations.
Mitigation
Treck released version 6.0.1.67 to address this vulnerability [2][3]. Users should update their Treck IP stack to version 6.0.1.67 or later. Downstream device vendors should be contacted for patched firmware. As a workaround, network administrators can use deep packet inspection to block anomalous DHCPv6 traffic where feasible [2][3].
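The length validation described above, and the kind of check an inspection device can apply to DHCPv6 traffic, shown as an added example. This is not Treck's code and not taken from the cited advisories. The function and sample names are hypothetical, and the message layout is the standard one from RFC 8415.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Generic illustration, not Treck code. Layout per RFC 8415: a 4-byte
 * client/server header (msg-type, 3-byte transaction-id) or a 34-byte relay
 * header (msg-types 12 and 13), followed by options: 2-byte code, 2-byte
 * length (big-endian), then `length` bytes of data. */
enum dhcp6_check { DHCP6_OK, DHCP6_SHORT_HEADER, DHCP6_TRUNCATED_OPTION,
                   DHCP6_LENGTH_OVERRUN };

/* Confirms every declared option length fits in the bytes actually received.
 * Top-level options only; nested options (e.g. inside IA_NA) need the same
 * walk applied to the enclosing option's data. */
enum dhcp6_check dhcp6_validate(const uint8_t *pkt, size_t len, size_t *n_opts)
{
    *n_opts = 0;
    if (len < 1)
        return DHCP6_SHORT_HEADER;
    size_t off = (pkt[0] == 12 || pkt[0] == 13) ? 34 : 4;
    if (len < off)
        return DHCP6_SHORT_HEADER;
    while (off < len) {
        size_t remaining = len - off;
        if (remaining < 4)
            return DHCP6_TRUNCATED_OPTION;   /* code+length not fully present */
        size_t opt_len = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        /* Compare against the remaining bytes before using opt_len at all. */
        if (opt_len > remaining - 4)
            return DHCP6_LENGTH_OVERRUN;
        off += 4 + opt_len;
        (*n_opts)++;
    }
    return DHCP6_OK;
}

/* Constructed samples: a Solicit (type 1) with one Elapsed Time option (code 8,
 * length 2), and the same packet with the length field changed to 0x0200. */
static const uint8_t sample_ok[]  = {1, 0xaa, 0xbb, 0xcc, 0, 8, 0, 2, 0, 0};
static const uint8_t sample_bad[] = {1, 0xaa, 0xbb, 0xcc, 0, 8, 2, 0, 0, 0};

int main(void)
{
    size_t n;
    printf("ok=%d ", dhcp6_validate(sample_ok, sizeof sample_ok, &n));
    printf("bad=%d\n", dhcp6_validate(sample_bad, sizeof sample_bad, &n));
    return 0;
}
```

A packet that returns anything other than DHCP6_OK declares more option data than it carries and can be dropped or logged before it reaches a device running an unpatched stack.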
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Treck/TCP/IP stack (description)
  - Range: <6.0.1.66
Patches
No patches discovered yet.
References
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC (mitre, vendor-advisory, x_refsource_CISCO)
- www.kb.cert.org/vuls/id/257161 (mitre, third-party-advisory, x_refsource_CERT-VN)
- www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt (mitre, x_refsource_CONFIRM)
- jsof-tech.com/vulnerability-disclosure-policy/ (mitre, x_refsource_MISC)
- security.netapp.com/advisory/ntap-20200625-0006/ (mitre, x_refsource_CONFIRM)
- www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities (mitre, x_refsource_MISC)
- www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html (mitre, x_refsource_CONFIRM)
- www.jsof-tech.com/ripple20/ (mitre, x_refsource_MISC)
- www.kb.cert.org/vuls/id/257161/ (mitre, x_refsource_MISC)
- www.treck.com (mitre, x_refsource_MISC)