Versions Compared

Version Old Version 2 New Version Current
Changes made by

Maher Azarkan

Maher Azarkan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Page Properties
TitleWrong handling of the UDP checksum
Reporter-Internal
Hilscher Ticket
Show if
groupHilscher Subsidiary Atlassian Users, Hilscher Germany Atlassian Users

Hilscher Ticketkey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution652f1763-f45a-3496-b650-0d5d39d72b0fSEC-1



AffectsAll Hilscher rcX RTOS versions prior to V2.1.14.1
Not affectedrcX V2.1.14.1
Impactdenial-of-service
CVSS4.6
Severity

Status
colourYellow
titleMedium
 

Last modified

 

Vulnerability Description

Short Decription

The actual UDP packet length is not verified against the length indicated by the packet (IP-Header).

Detailed Description

The actual UDP packet length is not verified against the length indicated by the packet (IP-Header). In case of an invalid UPD frame that has a very high UDP length value the UDP checksum calculation can take a considerable time during which other tasks running with a lower priority are blocked. This could be used for executing a denial-of-service attack.

Vulnerability Severity

CVSS v3 Base Score4.6
CVSS v3 Temporal Score-
CVSS v3 Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:F/RL:U/RC:C

CVSS v3 Link:https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:F/RL:U/RC:C


Impact / Implications

Specially crafted packets could cause a denial-of-srvice on the target device.

Corrective Action or Resolution

Affected users should upgrade the rcX version to V2.1.14.1 when possible.

Disclaimer

The security advisory and information contained herein, are provided on an "as is" basis and do not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. The information in this advisory should not be construed as a commitment by Hilscher. In no event shall Hilscher be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, nor shall Hilscher be liable for incidental or consequential damages arising from use of any software or hardware described in this advisory.
Hilscher provides no warranty, express or implied, for the information contained in this document, and assumes no responsibility for the information contained in this document or for any errors that may appear in this document. Your use of the advisory and information contained herein, or materials linked from the advisory, is at your own risk.  Information in this advisory and any related communications is based on our knowledge at the time of publication and is subject to change without notice. Hilscher reserves the right to change or update advisorys at any time.