CVE-2020-11906
Description
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An integer underflow in Treck TCP/IP stack's Ethernet link layer before 6.0.1.66 allows remote unauthenticated attackers to cause denial of service or code execution.
Vulnerability
An integer underflow vulnerability exists in the Ethernet link layer of the Treck TCP/IP stack before version 6.0.1.66 [1][2]. The bug is part of the memory management flaws disclosed as part of the Ripple20 research [1][2]. The code path is reachable when processing Ethernet frames, and the vulnerability can be triggered by sending specially crafted packets to a device using the affected stack [1][2]. The Treck IP stack is used in a wide range of embedded systems, including industrial control systems, medical devices, and networking gear [1][2][4].
Exploitation
An attacker can exploit this vulnerability from a remote network position without any authentication [1][2]. The attacker sends a crafted Ethernet packet that triggers the integer underflow when the link layer processes the data [1][2]. No user interaction is required. The attack does not require prior access to the target device beyond network connectivity [1][2].
Impact
Successful exploitation allows a remote, unauthenticated attacker to cause a denial of service, disclose sensitive information, or execute arbitrary code on the target system [1][2]. The precise impact depends on the specific build and runtime options used in the embedded system; the vulnerability may lead to full compromise of the device [1][2]. The scope of compromise can extend to the entire embedded system using the Treck stack [1][2].
Mitigation
The vulnerability is fixed in Treck IP stack version 6.0.1.67 or later [1][2]. Affected users should contact Treck at security@treck.com for the update [1][2]. Downstream users of embedded systems that incorporate the Treck stack should contact their device vendor [1][2]. As a workaround, network administrators can block anomalous IP traffic through deep packet inspection, and modern switches, routers, and firewalls may drop malformed packets without additional configuration [1][2]. Dell has released patches for affected client platforms (via Intel component fix INTEL-SA-00295) and Teradici firmware [3]. Cisco has published advisories for its affected products and released fixed releases for many of them [4].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Treck/TCP/IP stackdescription
- Range: < 6.0.1.66
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyCmitrevendor-advisoryx_refsource_CISCO
- www.kb.cert.org/vuls/id/257161mitrethird-party-advisoryx_refsource_CERT-VN
- www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txtmitrex_refsource_CONFIRM
- jsof-tech.com/vulnerability-disclosure-policy/mitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20200625-0006/mitrex_refsource_CONFIRM
- support.hpe.com/hpesc/public/docDisplaymitrex_refsource_MISC
- www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilitiesmitrex_refsource_MISC
- www.jsof-tech.com/ripple20/mitrex_refsource_MISC
- www.kb.cert.org/vuls/id/257161/mitrex_refsource_MISC
- www.treck.commitrex_refsource_MISC
News mentions
0No linked articles in our index yet.