VYPR

Lwip

by Lwip Project

CVEs (4)

  • CVE-2026-8836CriMay 18, 2026
    risk 0.57cvss 9.8epss 0.01

    A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer…

  • CVE-2020-22284Jul 22, 2021
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet.

  • CVE-2020-22283Jul 22, 2021
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.

  • CVE-2014-4883Nov 28, 2014
    risk 0.00cvss epss 0.01

    resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed…