virtualsquare
Products
1- 9 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-35846 | 0.00 | — | 0.01 | Jun 19, 2023 | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering. | |||
| CVE-2023-35849 | 0.00 | — | 0.01 | Jun 19, 2023 | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet. | |||
| CVE-2023-35848 | 0.00 | — | 0.01 | Jun 19, 2023 | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member. | |||
| CVE-2023-35847 | 0.00 | — | 0.01 | Jun 19, 2023 | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero). | |||
| CVE-2021-33304 | 0.00 | — | 0.01 | Feb 15, 2023 | Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code. | |||
| CVE-2020-24341 | 0.00 | — | 0.05 | Dec 11, 2020 | An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually… | |||
| CVE-2020-24340 | 0.00 | — | 0.03 | Dec 11, 2020 | An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response… | |||
| CVE-2020-24339 | 0.00 | — | 0.03 | Dec 11, 2020 | An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS… | |||
| CVE-2020-24337 | 0.00 | — | 0.03 | Dec 11, 2020 | An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka… |
- CVE-2023-35846Jun 19, 2023risk 0.00cvss —epss 0.01
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.
- CVE-2023-35849Jun 19, 2023risk 0.00cvss —epss 0.01
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.
- CVE-2023-35848Jun 19, 2023risk 0.00cvss —epss 0.01
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.
- CVE-2023-35847Jun 19, 2023risk 0.00cvss —epss 0.01
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).
- CVE-2021-33304Feb 15, 2023risk 0.00cvss —epss 0.01
Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code.
- CVE-2020-24341Dec 11, 2020risk 0.00cvss —epss 0.05
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually…
- CVE-2020-24340Dec 11, 2020risk 0.00cvss —epss 0.03
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response…
- CVE-2020-24339Dec 11, 2020risk 0.00cvss —epss 0.03
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS…
- CVE-2020-24337Dec 11, 2020risk 0.00cvss —epss 0.03
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka…