Daniele Lacamera - Security Researcher - Exploit Intelligence Platform

CVE-2023-35846 WRITEUP HIGH WRITEUP

VirtualSquare picoTCP <2.1 - Buffer Overflow

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.

CVSS 7.5

View Code

CVE-2023-35847 WRITEUP HIGH WRITEUP

VirtualSquare picoTCP < 2.1 - Use of Uninitialized Resource

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).

CVSS 7.5

View Code

CVE-2023-35849 WRITEUP HIGH WRITEUP

VirtualSquare picoTCP < 2.1 - Denial of Service via Improper Header Size Check

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.

CVSS 7.5

View Code