CVE-2021-26788: Input Validation

Q: What is CVE-2021-26788?

CVE-2021-26788 is a vulnerability in Oryx Embedded CycloneTCP versions 1.7.6 to 2.0.0, which is fixed in version 2.0.2.

Q: How does CVE-2021-26788 affect Oryx Embedded CycloneTCP?

CVE-2021-26788 affects Oryx Embedded CycloneTCP by causing incorrect input validation, leading to a potential denial of service (DoS) attack.

Q: How can an attacker exploit CVE-2021-26788?

To exploit CVE-2021-26788, an attacker needs TCP connectivity to the target system and can send a maliciously crafted TCP packet.

Q: What is the severity of CVE-2021-26788?

The severity of CVE-2021-26788 is high, with a severity score of 7.5.

Q: How can I fix CVE-2021-26788?

To fix CVE-2021-26788, upgrade Oryx Embedded CycloneTCP to version 2.0.2 or later.

Published Mar 8, 2021

Updated

Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected by incorrect input validation, which may cause a denial of service (DoS). To exploit the vulnerability, an attacker needs to have TCP connectivity to the target system. Receiving a maliciously crafted TCP packet from an unauthenticated endpoint is sufficient to trigger the bug.

Affected Software

1 affected component

Oryx-embedded Cyclonetcp>=1.7.6<=2.0.0

Remediation

Patch Available

https://github.com/Oryx-Embedded/CycloneTCP/commit/de5336016edbe1e90327d0ed1cba5c4e49114366?branch=de5336016edbe1e90327d0ed1cba5c4e49114366&diff=split

Event History

Mar 8, 2021

CVE Published

via MITRE·12:53 PM

Data Sourced

via MITRE·12:53 PM

Description

Frequently Asked Questions

What is CVE-2021-26788?

CVE-2021-26788 is a vulnerability in Oryx Embedded CycloneTCP versions 1.7.6 to 2.0.0, which is fixed in version 2.0.2.

How does CVE-2021-26788 affect Oryx Embedded CycloneTCP?

CVE-2021-26788 affects Oryx Embedded CycloneTCP by causing incorrect input validation, leading to a potential denial of service (DoS) attack.

How can an attacker exploit CVE-2021-26788?

To exploit CVE-2021-26788, an attacker needs TCP connectivity to the target system and can send a maliciously crafted TCP packet.

What is the severity of CVE-2021-26788?

The severity of CVE-2021-26788 is high, with a severity score of 7.5.

How can I fix CVE-2021-26788?

To fix CVE-2021-26788, upgrade Oryx Embedded CycloneTCP to version 2.0.2 or later.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2021-26788: Input Validation

Affected Software

Remediation

Patch Available

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is CVE-2021-26788?

How does CVE-2021-26788 affect Oryx Embedded CycloneTCP?

How can an attacker exploit CVE-2021-26788?

What is the severity of CVE-2021-26788?

How can I fix CVE-2021-26788?

Company

Resources

Contact