vulnerability

Huawei EulerOS: CVE-2020-17438: open-iscsi security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Dec 11, 2020	Jun 2, 2021	Apr 1, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Dec 11, 2020

Added

Jun 2, 2021

Modified

Apr 1, 2026

Description

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.

Solution

huawei-euleros-2_0_sp9-upgrade-open-iscsi

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report