CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-20578

HIGH
7.5
CVSS Severity Score
EPSS Score0.0420%
EPSS Percentile6.15th
Published2018年12月28日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set by default to 40), leading to an Infinite Loop. The attack vector is the Location header of an HTTP 3xx response.

Affected Platforms (CPE)

📦
Nuttx

Nuttx

< 7.27

References & Advisories

🔗 https://bitbucket.org/nuttx/nuttx/downloads/nuttx-7_27-README.txt
🔗 https://bitbucket.org/nuttx/nuttx/issues/119/denial-of-service-infinite-loop-while
🔗 https://bitbucket.org/nuttx/nuttx/downloads/nuttx-7_27-README.txt
🔗 https://bitbucket.org/nuttx/nuttx/issues/119/denial-of-service-infinite-loop-while

関連する脆弱性情報

CVE-2020-19399.8

The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components a...

CVE-2020-175299.8

Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows a...

CVE-2021-264619.8

Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improp...

CVE-2020-175289.1

Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows a...