CVE-2020-17529

CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header

Vendor Apache Software Foundation

Product Apache NuttX (incubating)

Weakness CWE-787

Published December 9, 2020

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.

Key dates

02Disclosure timeline

December 9, 2020 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-17529

Related vulnerabilities

Identifiers

CVE CVE-2020-17529

CWE CWE-787

Affected versions

Vendor Apache Software Foundation

Product Apache NuttX (incubating)

Affected ≥ unspecified and ≤ 9.1.0

Vendor Apache Software Foundation

Product Apache NuttX (incubating)

Affected 10.0.0

CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header

01Description

02Disclosure timeline

03References

04Related CVE