FNET
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-24383 | Cri | 0.60 | 9.1 | 0.05 | Dec 11, 2020 | An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service. | ||
| CVE-2020-27633 | Cri | 0.59 | 9.1 | 0.01 | Oct 10, 2023 | In FNET 4.6.3, TCP ISNs are improperly random. | ||
| CVE-2020-17467 | Cri | 0.59 | 9.1 | 0.03 | Dec 11, 2020 | An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\0' termination. Therefore, the deduced length of the hostname doesn't reflect the correct length of the actual data. This may lead to Information… | ||
| CVE-2020-17469 | Hig | 0.49 | 7.5 | 0.03 | Dec 11, 2020 | An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn't have a reference to the previous one (which supposedly resides in the reassembly list). When… | ||
| CVE-2020-17468 | Hig | 0.49 | 7.5 | 0.03 | Dec 11, 2020 | An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header (in the IPv6 extension headers) doesn't check for a valid length of an extension header, and therefore an out-of-bounds read can occur in _fnet_ip6_ext_header_handler_options in… | ||
| CVE-2020-17470 | Med | 0.35 | 5.3 | 0.02 | Dec 11, 2020 | An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks. |
- risk 0.60cvss 9.1epss 0.05
An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service.
- risk 0.59cvss 9.1epss 0.01
In FNET 4.6.3, TCP ISNs are improperly random.
- risk 0.59cvss 9.1epss 0.03
An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\0' termination. Therefore, the deduced length of the hostname doesn't reflect the correct length of the actual data. This may lead to Information…
- risk 0.49cvss 7.5epss 0.03
An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn't have a reference to the previous one (which supposedly resides in the reassembly list). When…
- risk 0.49cvss 7.5epss 0.03
An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header (in the IPv6 extension headers) doesn't check for a valid length of an extension header, and therefore an out-of-bounds read can occur in _fnet_ip6_ext_header_handler_options in…
- risk 0.35cvss 5.3epss 0.02
An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.