CVE-2020-24383

CRITICAL

FNET <4.6.4 - Memory Corruption

Title source: llm
STIX 2.1

Description

An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.kb.cert.org/vuls/id/815128
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01

Scores

CVSS v3 9.1
EPSS 0.0074
EPSS Percentile 73.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CWE
CWE-125
Status published
Products (1)
butok/fnet < 4.6.4
Published Dec 11, 2020
Tracked Since Feb 18, 2026