Multiple Vulnerabilities in Treck TCP/IP software library (Ripple20)
Original Issue Date: June 22, 2020
Severity Rating: High
- Implementations of Treck TCP/IP Stack software library version 184.108.40.206 and prior
Multiple vulnerabilities have been reported in the Treck TCP/IP software library which could be exploited by a remote attacker to gain access to sensitive information, perform a denial of service (DoS) attack, or execute arbitrary code and take control of an affected system.
The Treck TCP/IP stack software is designed for and used in a variety of IoT and embedded systems. The software can be licensed and integrated in various ways, including compiled from source, licensed for modification and reuse, and as a dynamically or statically linked library.
The vulnerabilities exist due to improper handling of length parameter inconsistency, improper input validation, out-of-bounds read, integer overflow, improper null termination, and improper access control of the affected system.
Successful exploitation of these vulnerabilities allows a remote attacker to execute arbitrary code, gain access to sensitive information or perform a denial of service (DoS) attack on the target system.
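The first weakness class named in the description, length parameter inconsistency, is shown here as an added example: a C check that an IPv4 header's length fields agree with the number of bytes actually received. This is not Treck code and does not reproduce any specific Ripple20 flaw; the function name, result codes and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for the hypothetical validator below. */
enum ip4_check { IP4_OK = 0, IP4_TRUNCATED, IP4_BAD_VERSION, IP4_BAD_IHL,
                 IP4_BAD_TOTAL_LEN };

/*
 * Check the length fields of an IPv4 header against the number of bytes
 * actually received (cap_len). On success, *payload_len is the number of
 * payload bytes that are safe to read after the header.
 */
enum ip4_check ip4_check_lengths(const uint8_t *pkt, size_t cap_len,
                                 size_t *payload_len)
{
    if (pkt == NULL || payload_len == NULL || cap_len < 20)
        return IP4_TRUNCATED;              /* no complete minimal header */
    if ((pkt[0] >> 4) != 4)
        return IP4_BAD_VERSION;

    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;      /* header length, bytes */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3]; /* total length, big-endian */

    if (ihl < 20 || ihl > cap_len)
        return IP4_BAD_IHL;                /* options would run past buffer */
    if (total < ihl || total > cap_len)
        return IP4_BAD_TOTAL_LEN;          /* claimed size disagrees with data */

    /* Use only the validated value; bytes beyond 'total' are link padding. */
    *payload_len = total - ihl;
    return IP4_OK;
}

/* Constructed samples: 24 bytes received, 20-byte header (IHL = 5). */
static const uint8_t sample_ok[24]    = { 0x45, 0x00, 0x00, 0x18 }; /* total 24 */
static const uint8_t sample_lying[24] = { 0x45, 0x00, 0x05, 0xDC }; /* total 1500 */

int main(void)
{
    size_t n = 0;
    printf("consistent:   %d\n", ip4_check_lengths(sample_ok, sizeof sample_ok, &n));
    printf("inconsistent: %d\n",
           ip4_check_lengths(sample_lying, sizeof sample_lying, &n));
    return 0;
}
```

A parser that copied or read `total` bytes from the second sample without this check would run 1476 bytes past the end of the received buffer.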
Update to the latest version of Treck TCP/IP stack software (220.127.116.11 or later)
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003