CyberSec.Space Logo
Back to CVE Browser

CVE-2018-20578

HIGH
7.5
CVSS Severity Score
EPSS Score0.0420%
EPSS Percentile6.15th
PublishedDec 28, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set by default to 40), leading to an Infinite Loop. The attack vector is the Location header of an HTTP 3xx response.

Affected Platforms (CPE)

πŸ“¦
Nuttx

Nuttx

< 7.27

References & Advisories

πŸ”— https://bitbucket.org/nuttx/nuttx/downloads/nuttx-7_27-README.txt
πŸ”— https://bitbucket.org/nuttx/nuttx/issues/119/denial-of-service-infinite-loop-while
πŸ”— https://bitbucket.org/nuttx/nuttx/downloads/nuttx-7_27-README.txt
πŸ”— https://bitbucket.org/nuttx/nuttx/issues/119/denial-of-service-infinite-loop-while

Related Vulnerabilities

CVE-2020-19399.8

The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components a...

CVE-2020-175299.8

Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows a...

CVE-2021-264619.8

Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improp...

CVE-2020-175289.1

Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows a...