VYPR
Unrated severity · NVD Advisory · Published Jun 17, 2020 · Updated Sep 30, 2025

CVE-2020-11910

Description

The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds read in the ICMPv4 handling of the Treck TCP/IP stack before 6.0.1.66 can lead to information disclosure or denial of service.

Vulnerability

CVE-2020-11910 is an out-of-bounds read vulnerability in the ICMPv4 processing component of the Treck TCP/IP stack, affecting versions prior to 6.0.1.66. The bug resides in how the stack parses incoming ICMPv4 packets, allowing a remote attacker to read memory beyond the intended buffer boundaries. This issue is part of the Ripple20 set of vulnerabilities disclosed by JSOF and documented in CERT/CC VU#257161 [1].

Exploitation

An unauthenticated attacker with network access to a device running a vulnerable Treck stack can exploit this flaw by sending a specially crafted ICMPv4 packet. No user interaction or special privileges are required. The out-of-bounds read occurs during packet processing, potentially leaking sensitive data or causing a crash [1].

Impact

Successful exploitation may result in information disclosure (reading unintended memory contents) or denial of service due to a crash. The exact impact depends on the device's configuration and the data adjacent to the read buffer. In some embedded systems, this could lead to further compromise, though the primary risk is information leakage or service disruption [1].

Mitigation

Treck has released version 6.0.1.67, which addresses this vulnerability; users should update to this or a later version [1]. Downstream vendors, including Dell and Cisco, have issued patches for affected products; see Dell advisory DSA-2020-143 [3] and Cisco Security Advisory cisco-sa-treck-ip-stack-JyBQ5GyC [4]. As a workaround, network administrators can block anomalous ICMP traffic using deep packet inspection or firewall rules [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
