Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-13987 (GCVE-0-2020-13987)
Vulnerability from cvelistv5
Published
2020-12-11 21:37
Modified
2024-08-04 12:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf | Patch, Third Party Advisory | |
| cve@mitre.org | https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://www.kb.cert.org/vuls/id/815128 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/815128 | Third Party Advisory, US Government Resource |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/815128"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-09T14:06:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/815128"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kb.cert.org/vuls/id/815128",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/815128"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13987",
"datePublished": "2020-12-11T21:37:06",
"dateReserved": "2020-06-09T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-13987\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-12-11T22:15:12.543\",\"lastModified\":\"2024-11-21T05:02:17.680\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Contiki versiones hasta 3.0.\u0026#xa0;Se presenta una vulnerabilidad de Lectura Fuera de L\u00edmites en el componente uIP TCP/IP Stack cuando se calculan las sumas de comprobaci\u00f3n para paquetes IP en la funci\u00f3n upper_layer_chksum en el archivo net/ipv4/uip.c\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:uip_project:uip:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0\",\"matchCriteriaId\":\"98518C5F-7D0A-4B03-A062-651E613A01BE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:contiki-os:contiki:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0\",\"matchCriteriaId\":\"EBD2BE71-F851-4136-816D-EF61154FD2C4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-iscsi_project:open-iscsi:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.1.12\",\"matchCriteriaId\":\"82EAB4C1-AAC8-431E-AED1-1845AC303201\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sentron_3va_com100_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.1\",\"matchCriteriaId\":\"507AAF60-4AFE-4D80-A698-13BD5818CAE7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sentron_3va_com100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C308EF6-7893-44EF-978E-9019B0060911\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sentron_3va_com800_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.1\",\"matchCriteriaId\":\"08B3AAE7-AAC6-4ECC-9338-AC8841336C59\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sentron_3va_com800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CECE258-D12A-4483-AF4B-A63FAD08A767\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sentron_pac3200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.7\",\"matchCriteriaId\":\"92EDAF30-8EC2-4C76-BD27-6C6084B9CA03\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sentron_pac3200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"624451C4-149D-4FEE-B2FB-020574F03231\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sentron_pac4200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.0\",\"matchCriteriaId\":\"E46CC95C-7941-4B23-A0E9-79AB18A6E9C2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sentron_pac4200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B48B5DE2-25BF-44A1-BB12-A734DD4A9560\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/815128\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/815128\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
wid-sec-w-2022-1044
Vulnerability from csaf_certbund
Published
2020-12-08 23:00
Modified
2023-07-27 22:00
Summary
TCP/IP Stack: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der TCP/IP-Stack bzw. die Internet Protocol Suite ist eine Reihe von Kommunikationsprotokollen, die vom Internet oder ähnlichen Netzwerken verwendet werden.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in TCP/IP Stack ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, einen Denial of Service Angriff durchzuführen, vertrauliche Daten einzusehen oder Daten zu manipulieren.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der TCP/IP-Stack bzw. die Internet Protocol Suite ist eine Reihe von Kommunikationsprotokollen, die vom Internet oder \u00e4hnlichen Netzwerken verwendet werden.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in TCP/IP Stack ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, einen Denial of Service Angriff durchzuf\u00fchren, vertrauliche Daten einzusehen oder Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1044 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-1044.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1044 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1044"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6259-1 vom 2023-07-27",
"url": "https://ubuntu.com/security/notices/USN-6259-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1164-1 vom 2021-04-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008619.html"
},
{
"category": "external",
"summary": "US ICS CERT Advisory ICSA-20-343-01 vom 2020-12-08",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"category": "external",
"summary": "Pressemeldung des BSI vom 2020-12-08",
"url": "https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Amnesia_201208.html"
},
{
"category": "external",
"summary": "Unify Security Advisory Report OBSO-2101-01 vom 2021-01-08",
"url": "https://networks.unify.com/security/advisories/OBSO-2101-01.pdf"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:0663-1 vom 2021-03-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008407.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2806-1 vom 2022-08-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011912.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2861-1 vom 2022-08-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011958.html"
}
],
"source_lang": "en-US",
"title": "TCP/IP Stack: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-07-27T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:33:24.059+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-1044",
"initial_release_date": "2020-12-08T23:00:00.000+00:00",
"revision_history": [
{
"date": "2020-12-08T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-12-14T23:00:00.000+00:00",
"number": "2",
"summary": "Schreibfehler korrigiert"
},
{
"date": "2021-01-10T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Unify aufgenommen"
},
{
"date": "2021-03-01T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-04-13T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-08-15T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-08-22T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-07-27T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source TCP/IP Stack",
"product": {
"name": "Open Source TCP/IP Stack",
"product_id": "T017866",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:tcpip_stack:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"category": "product_name",
"name": "Unify OpenScape 4000",
"product": {
"name": "Unify OpenScape 4000",
"product_id": "T018011",
"product_identification_helper": {
"cpe": "cpe:/h:unify:openscape_4000:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Alarm Response",
"product": {
"name": "Unify OpenScape Alarm Response",
"product_id": "T018013",
"product_identification_helper": {
"cpe": "cpe:/h:unify:openscape_alarm_response:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Business",
"product": {
"name": "Unify OpenScape Business",
"product_id": "T018012",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_business:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Common Management Platform",
"product": {
"name": "Unify OpenScape Common Management Platform",
"product_id": "T018017",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_common_management_platform:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Cordless IP",
"product": {
"name": "Unify OpenScape Cordless IP",
"product_id": "T018016",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_cordless_ip:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Desk Phone",
"product": {
"name": "Unify OpenScape Desk Phone",
"product_id": "T018015",
"product_identification_helper": {
"cpe": "cpe:/h:unify:openscape_deskphone:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Xpert",
"product": {
"name": "Unify OpenScape Xpert",
"product_id": "T018014",
"product_identification_helper": {
"cpe": "cpe:/h:unify:openscape_xpert:-"
}
}
}
],
"category": "vendor",
"name": "Unify"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13984",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-13984"
},
{
"cve": "CVE-2020-13985",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-13985"
},
{
"cve": "CVE-2020-13986",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-13986"
},
{
"cve": "CVE-2020-13987",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-13987"
},
{
"cve": "CVE-2020-13988",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-13988"
},
{
"cve": "CVE-2020-17437",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17437"
},
{
"cve": "CVE-2020-17438",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17438"
},
{
"cve": "CVE-2020-17439",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17439"
},
{
"cve": "CVE-2020-17440",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17440"
},
{
"cve": "CVE-2020-17441",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17441"
},
{
"cve": "CVE-2020-17442",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17442"
},
{
"cve": "CVE-2020-17443",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17443"
},
{
"cve": "CVE-2020-17444",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17444"
},
{
"cve": "CVE-2020-17445",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17445"
},
{
"cve": "CVE-2020-17467",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17467"
},
{
"cve": "CVE-2020-17468",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17468"
},
{
"cve": "CVE-2020-17469",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17469"
},
{
"cve": "CVE-2020-17470",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17470"
},
{
"cve": "CVE-2020-24334",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24334"
},
{
"cve": "CVE-2020-24335",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24335"
},
{
"cve": "CVE-2020-24336",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24336"
},
{
"cve": "CVE-2020-24337",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24337"
},
{
"cve": "CVE-2020-24338",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24338"
},
{
"cve": "CVE-2020-24339",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24339"
},
{
"cve": "CVE-2020-24340",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24340"
},
{
"cve": "CVE-2020-24341",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24341"
},
{
"cve": "CVE-2020-24383",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24383"
},
{
"cve": "CVE-2020-25107",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-25107"
},
{
"cve": "CVE-2020-25108",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-25108"
},
{
"cve": "CVE-2020-25109",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-25109"
},
{
"cve": "CVE-2020-25110",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-25110"
},
{
"cve": "CVE-2020-25111",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-25111"
},
{
"cve": "CVE-2020-25112",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-25112"
}
]
}
WID-SEC-W-2022-1044
Vulnerability from csaf_certbund
Published
2020-12-08 23:00
Modified
2023-07-27 22:00
Summary
TCP/IP Stack: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der TCP/IP-Stack bzw. die Internet Protocol Suite ist eine Reihe von Kommunikationsprotokollen, die vom Internet oder ähnlichen Netzwerken verwendet werden.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in TCP/IP Stack ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, einen Denial of Service Angriff durchzuführen, vertrauliche Daten einzusehen oder Daten zu manipulieren.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der TCP/IP-Stack bzw. die Internet Protocol Suite ist eine Reihe von Kommunikationsprotokollen, die vom Internet oder \u00e4hnlichen Netzwerken verwendet werden.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in TCP/IP Stack ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, einen Denial of Service Angriff durchzuf\u00fchren, vertrauliche Daten einzusehen oder Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1044 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-1044.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1044 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1044"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6259-1 vom 2023-07-27",
"url": "https://ubuntu.com/security/notices/USN-6259-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1164-1 vom 2021-04-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008619.html"
},
{
"category": "external",
"summary": "US ICS CERT Advisory ICSA-20-343-01 vom 2020-12-08",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"category": "external",
"summary": "Pressemeldung des BSI vom 2020-12-08",
"url": "https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Amnesia_201208.html"
},
{
"category": "external",
"summary": "Unify Security Advisory Report OBSO-2101-01 vom 2021-01-08",
"url": "https://networks.unify.com/security/advisories/OBSO-2101-01.pdf"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:0663-1 vom 2021-03-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008407.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2806-1 vom 2022-08-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011912.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2861-1 vom 2022-08-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011958.html"
}
],
"source_lang": "en-US",
"title": "TCP/IP Stack: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-07-27T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:33:24.059+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-1044",
"initial_release_date": "2020-12-08T23:00:00.000+00:00",
"revision_history": [
{
"date": "2020-12-08T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-12-14T23:00:00.000+00:00",
"number": "2",
"summary": "Schreibfehler korrigiert"
},
{
"date": "2021-01-10T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Unify aufgenommen"
},
{
"date": "2021-03-01T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-04-13T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-08-15T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-08-22T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-07-27T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source TCP/IP Stack",
"product": {
"name": "Open Source TCP/IP Stack",
"product_id": "T017866",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:tcpip_stack:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"category": "product_name",
"name": "Unify OpenScape 4000",
"product": {
"name": "Unify OpenScape 4000",
"product_id": "T018011",
"product_identification_helper": {
"cpe": "cpe:/h:unify:openscape_4000:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Alarm Response",
"product": {
"name": "Unify OpenScape Alarm Response",
"product_id": "T018013",
"product_identification_helper": {
"cpe": "cpe:/h:unify:openscape_alarm_response:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Business",
"product": {
"name": "Unify OpenScape Business",
"product_id": "T018012",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_business:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Common Management Platform",
"product": {
"name": "Unify OpenScape Common Management Platform",
"product_id": "T018017",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_common_management_platform:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Cordless IP",
"product": {
"name": "Unify OpenScape Cordless IP",
"product_id": "T018016",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_cordless_ip:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Desk Phone",
"product": {
"name": "Unify OpenScape Desk Phone",
"product_id": "T018015",
"product_identification_helper": {
"cpe": "cpe:/h:unify:openscape_deskphone:-"
}
}
},
{
"category": "product_name",
"name": "Unify OpenScape Xpert",
"product": {
"name": "Unify OpenScape Xpert",
"product_id": "T018014",
"product_identification_helper": {
"cpe": "cpe:/h:unify:openscape_xpert:-"
}
}
}
],
"category": "vendor",
"name": "Unify"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13984",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-13984"
},
{
"cve": "CVE-2020-13985",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-13985"
},
{
"cve": "CVE-2020-13986",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-13986"
},
{
"cve": "CVE-2020-13987",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-13987"
},
{
"cve": "CVE-2020-13988",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-13988"
},
{
"cve": "CVE-2020-17437",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17437"
},
{
"cve": "CVE-2020-17438",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17438"
},
{
"cve": "CVE-2020-17439",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17439"
},
{
"cve": "CVE-2020-17440",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17440"
},
{
"cve": "CVE-2020-17441",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17441"
},
{
"cve": "CVE-2020-17442",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17442"
},
{
"cve": "CVE-2020-17443",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17443"
},
{
"cve": "CVE-2020-17444",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17444"
},
{
"cve": "CVE-2020-17445",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17445"
},
{
"cve": "CVE-2020-17467",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17467"
},
{
"cve": "CVE-2020-17468",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17468"
},
{
"cve": "CVE-2020-17469",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17469"
},
{
"cve": "CVE-2020-17470",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-17470"
},
{
"cve": "CVE-2020-24334",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24334"
},
{
"cve": "CVE-2020-24335",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24335"
},
{
"cve": "CVE-2020-24336",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24336"
},
{
"cve": "CVE-2020-24337",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24337"
},
{
"cve": "CVE-2020-24338",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24338"
},
{
"cve": "CVE-2020-24339",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24339"
},
{
"cve": "CVE-2020-24340",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24340"
},
{
"cve": "CVE-2020-24341",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24341"
},
{
"cve": "CVE-2020-24383",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-24383"
},
{
"cve": "CVE-2020-25107",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-25107"
},
{
"cve": "CVE-2020-25108",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-25108"
},
{
"cve": "CVE-2020-25109",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-25109"
},
{
"cve": "CVE-2020-25110",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-25110"
},
{
"cve": "CVE-2020-25111",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-25111"
},
{
"cve": "CVE-2020-25112",
"notes": [
{
"category": "description",
"text": "Im TCP/IP Stack existieren mehrere Schwachstellen in einer Vielzahl von Produkten aus den Bereichen IoT, Gesundheitswesen, Industrie und anderen Produkten von mehr als 150 verschiedenen Anbietern verwendet werden. Die Sammlung erhielt den Namen \"Amnesia:33\". Die Schwachstellen beruhen u. a. auf Puffer-\u00dcberlauf Fehlern, \"out-of-bounds\" Zugriffen oder Fehlern bei der Bereinigung von Eingaben. Ein Angreifer kann dieses zu Denial of Service Angriffen, zur Einsicht in vertrauliche Daten, zur Manipulation von Daten oder zur Ausf\u00fchrung von Code nutzen."
}
],
"product_status": {
"known_affected": [
"T018014",
"T018015",
"T018016",
"T018017",
"T002207",
"T000126",
"T017866",
"T018011",
"T018012",
"T018013"
]
},
"release_date": "2020-12-08T23:00:00.000+00:00",
"title": "CVE-2020-25112"
}
]
}
fkie_cve-2020-13987
Vulnerability from fkie_nvd
Published
2020-12-11 22:15
Modified
2024-11-21 05:02
Severity ?
Summary
An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf | Patch, Third Party Advisory | |
| cve@mitre.org | https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://www.kb.cert.org/vuls/id/815128 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/815128 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uip_project:uip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98518C5F-7D0A-4B03-A062-651E613A01BE",
"versionEndIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:contiki-os:contiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD2BE71-F851-4136-816D-EF61154FD2C4",
"versionEndIncluding": "3.0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:open-iscsi_project:open-iscsi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82EAB4C1-AAC8-431E-AED1-1845AC303201",
"versionEndIncluding": "2.1.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sentron_3va_com100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "507AAF60-4AFE-4D80-A698-13BD5818CAE7",
"versionEndExcluding": "4.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sentron_3va_com100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C308EF6-7893-44EF-978E-9019B0060911",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sentron_3va_com800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08B3AAE7-AAC6-4ECC-9338-AC8841336C59",
"versionEndExcluding": "4.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sentron_3va_com800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CECE258-D12A-4483-AF4B-A63FAD08A767",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sentron_pac3200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92EDAF30-8EC2-4C76-BD27-6C6084B9CA03",
"versionEndExcluding": "2.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sentron_pac3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "624451C4-149D-4FEE-B2FB-020574F03231",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sentron_pac4200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E46CC95C-7941-4B23-A0E9-79AB18A6E9C2",
"versionEndExcluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sentron_pac4200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B48B5DE2-25BF-44A1-BB12-A734DD4A9560",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Contiki versiones hasta 3.0.\u0026#xa0;Se presenta una vulnerabilidad de Lectura Fuera de L\u00edmites en el componente uIP TCP/IP Stack cuando se calculan las sumas de comprobaci\u00f3n para paquetes IP en la funci\u00f3n upper_layer_chksum en el archivo net/ipv4/uip.c"
}
],
"id": "CVE-2020-13987",
"lastModified": "2024-11-21T05:02:17.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-11T22:15:12.543",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/815128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/815128"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
suse-ru-2021:1517-1
Vulnerability from csaf_suse
Published
2021-05-05 15:43
Modified
2021-05-05 15:43
Summary
Recommended update for open-iscsi
Notes
Title of the patch
Recommended update for open-iscsi
Description of the patch
This update for open-iscsi fixes the following issues:
- Enabled asynchronous logins for iscsi.service (bsc#1183421)
- Fixed a login issue when target is delayed
Patchnames
SUSE-2021-1517,SUSE-SLE-Module-Basesystem-15-SP2-2021-1517,SUSE-SUSE-MicroOS-5.0-2021-1517
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for open-iscsi",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for open-iscsi fixes the following issues:\n\n- Enabled asynchronous logins for iscsi.service (bsc#1183421)\n- Fixed a login issue when target is delayed\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-1517,SUSE-SLE-Module-Basesystem-15-SP2-2021-1517,SUSE-SUSE-MicroOS-5.0-2021-1517",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2021_1517-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-RU-2021:1517-1",
"url": "https://www.suse.com/support/update/announcement//suse-ru-20211517-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-RU-2021:1517-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2021-May/018830.html"
},
{
"category": "self",
"summary": "SUSE Bug 1179908",
"url": "https://bugzilla.suse.com/1179908"
},
{
"category": "self",
"summary": "SUSE Bug 1183421",
"url": "https://bugzilla.suse.com/1183421"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13987 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13988 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-17437 page",
"url": "https://www.suse.com/security/cve/CVE-2020-17437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-17438 page",
"url": "https://www.suse.com/security/cve/CVE-2020-17438/"
}
],
"title": "Recommended update for open-iscsi",
"tracking": {
"current_release_date": "2021-05-05T15:43:58Z",
"generator": {
"date": "2021-05-05T15:43:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-RU-2021:1517-1",
"initial_release_date": "2021-05-05T15:43:58Z",
"revision_history": [
{
"date": "2021-05-05T15:43:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.6-22.14.1.aarch64",
"product": {
"name": "iscsiuio-0.7.8.6-22.14.1.aarch64",
"product_id": "iscsiuio-0.7.8.6-22.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"product": {
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"product_id": "libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.1.4-22.14.1.aarch64",
"product": {
"name": "open-iscsi-2.1.4-22.14.1.aarch64",
"product_id": "open-iscsi-2.1.4-22.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.1.4-22.14.1.aarch64",
"product": {
"name": "open-iscsi-devel-2.1.4-22.14.1.aarch64",
"product_id": "open-iscsi-devel-2.1.4-22.14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.6-22.14.1.i586",
"product": {
"name": "iscsiuio-0.7.8.6-22.14.1.i586",
"product_id": "iscsiuio-0.7.8.6-22.14.1.i586"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.i586",
"product": {
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.i586",
"product_id": "libopeniscsiusr0_2_0-2.1.4-22.14.1.i586"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.1.4-22.14.1.i586",
"product": {
"name": "open-iscsi-2.1.4-22.14.1.i586",
"product_id": "open-iscsi-2.1.4-22.14.1.i586"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.1.4-22.14.1.i586",
"product": {
"name": "open-iscsi-devel-2.1.4-22.14.1.i586",
"product_id": "open-iscsi-devel-2.1.4-22.14.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.6-22.14.1.ppc64le",
"product": {
"name": "iscsiuio-0.7.8.6-22.14.1.ppc64le",
"product_id": "iscsiuio-0.7.8.6-22.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"product": {
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"product_id": "libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.1.4-22.14.1.ppc64le",
"product": {
"name": "open-iscsi-2.1.4-22.14.1.ppc64le",
"product_id": "open-iscsi-2.1.4-22.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"product": {
"name": "open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"product_id": "open-iscsi-devel-2.1.4-22.14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.6-22.14.1.s390x",
"product": {
"name": "iscsiuio-0.7.8.6-22.14.1.s390x",
"product_id": "iscsiuio-0.7.8.6-22.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"product": {
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"product_id": "libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.1.4-22.14.1.s390x",
"product": {
"name": "open-iscsi-2.1.4-22.14.1.s390x",
"product_id": "open-iscsi-2.1.4-22.14.1.s390x"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.1.4-22.14.1.s390x",
"product": {
"name": "open-iscsi-devel-2.1.4-22.14.1.s390x",
"product_id": "open-iscsi-devel-2.1.4-22.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.6-22.14.1.x86_64",
"product": {
"name": "iscsiuio-0.7.8.6-22.14.1.x86_64",
"product_id": "iscsiuio-0.7.8.6-22.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"product": {
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"product_id": "libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.1.4-22.14.1.x86_64",
"product": {
"name": "open-iscsi-2.1.4-22.14.1.x86_64",
"product_id": "open-iscsi-2.1.4-22.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.1.4-22.14.1.x86_64",
"product": {
"name": "open-iscsi-devel-2.1.4-22.14.1.x86_64",
"product_id": "open-iscsi-devel-2.1.4-22.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.0",
"product": {
"name": "SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.6-22.14.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.aarch64"
},
"product_reference": "iscsiuio-0.7.8.6-22.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.6-22.14.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.ppc64le"
},
"product_reference": "iscsiuio-0.7.8.6-22.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.6-22.14.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.s390x"
},
"product_reference": "iscsiuio-0.7.8.6-22.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.6-22.14.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.6-22.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64"
},
"product_reference": "libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le"
},
"product_reference": "libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x"
},
"product_reference": "libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.1.4-22.14.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.aarch64"
},
"product_reference": "open-iscsi-2.1.4-22.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.1.4-22.14.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.ppc64le"
},
"product_reference": "open-iscsi-2.1.4-22.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.1.4-22.14.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.s390x"
},
"product_reference": "open-iscsi-2.1.4-22.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.1.4-22.14.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.x86_64"
},
"product_reference": "open-iscsi-2.1.4-22.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.1.4-22.14.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.aarch64"
},
"product_reference": "open-iscsi-devel-2.1.4-22.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.1.4-22.14.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.ppc64le"
},
"product_reference": "open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.1.4-22.14.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.s390x"
},
"product_reference": "open-iscsi-devel-2.1.4-22.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.1.4-22.14.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.x86_64"
},
"product_reference": "open-iscsi-devel-2.1.4-22.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.6-22.14.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.aarch64"
},
"product_reference": "iscsiuio-0.7.8.6-22.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.6-22.14.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.6-22.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64"
},
"product_reference": "libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.1.4-22.14.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.aarch64"
},
"product_reference": "open-iscsi-2.1.4-22.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.1.4-22.14.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.x86_64"
},
"product_reference": "open-iscsi-2.1.4-22.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13987"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13987",
"url": "https://www.suse.com/security/cve/CVE-2020-13987"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-13987",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-13987",
"url": "https://bugzilla.suse.com/1179908"
},
{
"category": "external",
"summary": "SUSE Bug 1193385 for CVE-2020-13987",
"url": "https://bugzilla.suse.com/1193385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-05-05T15:43:58Z",
"details": "important"
}
],
"title": "CVE-2020-13987"
},
{
"cve": "CVE-2020-13988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13988"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13988",
"url": "https://www.suse.com/security/cve/CVE-2020-13988"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-13988",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-13988",
"url": "https://bugzilla.suse.com/1179908"
},
{
"category": "external",
"summary": "SUSE Bug 1193385 for CVE-2020-13988",
"url": "https://bugzilla.suse.com/1193385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-05-05T15:43:58Z",
"details": "important"
}
],
"title": "CVE-2020-13988"
},
{
"cve": "CVE-2020-17437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-17437"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-17437",
"url": "https://www.suse.com/security/cve/CVE-2020-17437"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-17437",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-17437",
"url": "https://bugzilla.suse.com/1179908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-05-05T15:43:58Z",
"details": "important"
}
],
"title": "CVE-2020-17437"
},
{
"cve": "CVE-2020-17438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-17438"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-17438",
"url": "https://www.suse.com/security/cve/CVE-2020-17438"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-17438",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-17438",
"url": "https://bugzilla.suse.com/1179908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:iscsiuio-0.7.8.6-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopeniscsiusr0_2_0-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-2.1.4-22.14.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:open-iscsi-devel-2.1.4-22.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-05-05T15:43:58Z",
"details": "important"
}
],
"title": "CVE-2020-17438"
}
]
}
suse-su-2021:0663-1
Vulnerability from csaf_suse
Published
2021-03-01 15:13
Modified
2021-03-01 15:13
Summary
Security update for open-iscsi
Notes
Title of the patch
Security update for open-iscsi
Description of the patch
This update for open-iscsi fixes the following issues:
Fixes for CVE-2019-17437, CVE-2020-17438, CVE-2020-13987 and CVE-2020-13988 (bsc#1179908):
- check for TCP urgent pointer past end of frame
- check for u8 overflow when processing TCP options
- check for header length underflow during checksum calculation
Patchnames
SUSE-2021-663,SUSE-OpenStack-Cloud-9-2021-663,SUSE-OpenStack-Cloud-Crowbar-9-2021-663,SUSE-SLE-SAP-12-SP4-2021-663,SUSE-SLE-SERVER-12-SP4-LTSS-2021-663,SUSE-SLE-SERVER-12-SP5-2021-663
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for open-iscsi",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for open-iscsi fixes the following issues:\n\nFixes for CVE-2019-17437, CVE-2020-17438, CVE-2020-13987 and CVE-2020-13988 (bsc#1179908):\n\n- check for TCP urgent pointer past end of frame\n- check for u8 overflow when processing TCP options\n- check for header length underflow during checksum calculation\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-663,SUSE-OpenStack-Cloud-9-2021-663,SUSE-OpenStack-Cloud-Crowbar-9-2021-663,SUSE-SLE-SAP-12-SP4-2021-663,SUSE-SLE-SERVER-12-SP4-LTSS-2021-663,SUSE-SLE-SERVER-12-SP5-2021-663",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0663-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:0663-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210663-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:0663-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008407.html"
},
{
"category": "self",
"summary": "SUSE Bug 1179908",
"url": "https://bugzilla.suse.com/1179908"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13987 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13988 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-17437 page",
"url": "https://www.suse.com/security/cve/CVE-2020-17437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-17438 page",
"url": "https://www.suse.com/security/cve/CVE-2020-17438/"
}
],
"title": "Security update for open-iscsi",
"tracking": {
"current_release_date": "2021-03-01T15:13:59Z",
"generator": {
"date": "2021-03-01T15:13:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:0663-1",
"initial_release_date": "2021-03-01T15:13:59Z",
"revision_history": [
{
"date": "2021-03-01T15:13:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-12.27.2.aarch64",
"product": {
"name": "iscsiuio-0.7.8.2-12.27.2.aarch64",
"product_id": "iscsiuio-0.7.8.2-12.27.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"product_id": "libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-12.27.2.aarch64",
"product": {
"name": "open-iscsi-2.0.876-12.27.2.aarch64",
"product_id": "open-iscsi-2.0.876-12.27.2.aarch64"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-12.27.2.aarch64",
"product": {
"name": "open-iscsi-devel-2.0.876-12.27.2.aarch64",
"product_id": "open-iscsi-devel-2.0.876-12.27.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-12.27.2.i586",
"product": {
"name": "iscsiuio-0.7.8.2-12.27.2.i586",
"product_id": "iscsiuio-0.7.8.2-12.27.2.i586"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.i586",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.i586",
"product_id": "libopeniscsiusr0_2_0-2.0.876-12.27.2.i586"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-12.27.2.i586",
"product": {
"name": "open-iscsi-2.0.876-12.27.2.i586",
"product_id": "open-iscsi-2.0.876-12.27.2.i586"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-12.27.2.i586",
"product": {
"name": "open-iscsi-devel-2.0.876-12.27.2.i586",
"product_id": "open-iscsi-devel-2.0.876-12.27.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-12.27.2.ppc64le",
"product": {
"name": "iscsiuio-0.7.8.2-12.27.2.ppc64le",
"product_id": "iscsiuio-0.7.8.2-12.27.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"product_id": "libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-12.27.2.ppc64le",
"product": {
"name": "open-iscsi-2.0.876-12.27.2.ppc64le",
"product_id": "open-iscsi-2.0.876-12.27.2.ppc64le"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-12.27.2.ppc64le",
"product": {
"name": "open-iscsi-devel-2.0.876-12.27.2.ppc64le",
"product_id": "open-iscsi-devel-2.0.876-12.27.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-12.27.2.s390",
"product": {
"name": "iscsiuio-0.7.8.2-12.27.2.s390",
"product_id": "iscsiuio-0.7.8.2-12.27.2.s390"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.s390",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.s390",
"product_id": "libopeniscsiusr0_2_0-2.0.876-12.27.2.s390"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-12.27.2.s390",
"product": {
"name": "open-iscsi-2.0.876-12.27.2.s390",
"product_id": "open-iscsi-2.0.876-12.27.2.s390"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-12.27.2.s390",
"product": {
"name": "open-iscsi-devel-2.0.876-12.27.2.s390",
"product_id": "open-iscsi-devel-2.0.876-12.27.2.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-12.27.2.s390x",
"product": {
"name": "iscsiuio-0.7.8.2-12.27.2.s390x",
"product_id": "iscsiuio-0.7.8.2-12.27.2.s390x"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"product_id": "libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-12.27.2.s390x",
"product": {
"name": "open-iscsi-2.0.876-12.27.2.s390x",
"product_id": "open-iscsi-2.0.876-12.27.2.s390x"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-12.27.2.s390x",
"product": {
"name": "open-iscsi-devel-2.0.876-12.27.2.s390x",
"product_id": "open-iscsi-devel-2.0.876-12.27.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-12.27.2.x86_64",
"product": {
"name": "iscsiuio-0.7.8.2-12.27.2.x86_64",
"product_id": "iscsiuio-0.7.8.2-12.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"product_id": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-12.27.2.x86_64",
"product": {
"name": "open-iscsi-2.0.876-12.27.2.x86_64",
"product_id": "open-iscsi-2.0.876-12.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-12.27.2.x86_64",
"product": {
"name": "open-iscsi-devel-2.0.876-12.27.2.x86_64",
"product_id": "open-iscsi-devel-2.0.876-12.27.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:iscsiuio-0.7.8.2-12.27.2.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:open-iscsi-2.0.876-12.27.2.x86_64"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:iscsiuio-0.7.8.2-12.27.2.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:open-iscsi-2.0.876-12.27.2.x86_64"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.ppc64le"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.ppc64le"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.x86_64"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.aarch64"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.ppc64le"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.s390x"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.aarch64"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.ppc64le"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.s390x"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.x86_64"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.s390x"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-12.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-12.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.s390x"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-12.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64"
},
"product_reference": "open-iscsi-2.0.876-12.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13987"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:open-iscsi-2.0.876-12.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13987",
"url": "https://www.suse.com/security/cve/CVE-2020-13987"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-13987",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-13987",
"url": "https://bugzilla.suse.com/1179908"
},
{
"category": "external",
"summary": "SUSE Bug 1193385 for CVE-2020-13987",
"url": "https://bugzilla.suse.com/1193385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:open-iscsi-2.0.876-12.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:open-iscsi-2.0.876-12.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T15:13:59Z",
"details": "important"
}
],
"title": "CVE-2020-13987"
},
{
"cve": "CVE-2020-13988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13988"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:open-iscsi-2.0.876-12.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13988",
"url": "https://www.suse.com/security/cve/CVE-2020-13988"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-13988",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-13988",
"url": "https://bugzilla.suse.com/1179908"
},
{
"category": "external",
"summary": "SUSE Bug 1193385 for CVE-2020-13988",
"url": "https://bugzilla.suse.com/1193385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:open-iscsi-2.0.876-12.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:open-iscsi-2.0.876-12.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T15:13:59Z",
"details": "important"
}
],
"title": "CVE-2020-13988"
},
{
"cve": "CVE-2020-17437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-17437"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:open-iscsi-2.0.876-12.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-17437",
"url": "https://www.suse.com/security/cve/CVE-2020-17437"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-17437",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-17437",
"url": "https://bugzilla.suse.com/1179908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:open-iscsi-2.0.876-12.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:open-iscsi-2.0.876-12.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T15:13:59Z",
"details": "important"
}
],
"title": "CVE-2020-17437"
},
{
"cve": "CVE-2020-17438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-17438"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:open-iscsi-2.0.876-12.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-17438",
"url": "https://www.suse.com/security/cve/CVE-2020-17438"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-17438",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-17438",
"url": "https://bugzilla.suse.com/1179908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:open-iscsi-2.0.876-12.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud 9:open-iscsi-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:iscsiuio-0.7.8.2-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopeniscsiusr0_2_0-2.0.876-12.27.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:open-iscsi-2.0.876-12.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T15:13:59Z",
"details": "important"
}
],
"title": "CVE-2020-17438"
}
]
}
suse-su-2022:2806-1
Vulnerability from csaf_suse
Published
2022-08-15 08:01
Modified
2022-08-15 08:01
Summary
Security update for open-iscsi
Notes
Title of the patch
Security update for open-iscsi
Description of the patch
This update for open-iscsi fixes the following issues:
Fixed various vulnerabilities in the embedded TCP/IP stack (bsc#1179908):
- CVE-2020-13987: Fixed an out of bounds memory access when
calculating the checksums for IP packets.
- CVE-2020-13988: Fixed an integer overflow when parsing TCP MSS
options of IPv4 network packets.
- CVE-2020-17437: Fixed an out of bounds memory access when the TCP
urgent flag is set.
Patchnames
SUSE-2022-2806,SUSE-SLE-SERVER-12-SP3-BCL-2022-2806
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for open-iscsi",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for open-iscsi fixes the following issues:\n\nFixed various vulnerabilities in the embedded TCP/IP stack (bsc#1179908):\n - CVE-2020-13987: Fixed an out of bounds memory access when\n calculating the checksums for IP packets.\n - CVE-2020-13988: Fixed an integer overflow when parsing TCP MSS\n options of IPv4 network packets.\n - CVE-2020-17437: Fixed an out of bounds memory access when the TCP\n urgent flag is set.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-2806,SUSE-SLE-SERVER-12-SP3-BCL-2022-2806",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2806-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:2806-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222806-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:2806-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011912.html"
},
{
"category": "self",
"summary": "SUSE Bug 1179908",
"url": "https://bugzilla.suse.com/1179908"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13987 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13988 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-17437 page",
"url": "https://www.suse.com/security/cve/CVE-2020-17437/"
}
],
"title": "Security update for open-iscsi",
"tracking": {
"current_release_date": "2022-08-15T08:01:18Z",
"generator": {
"date": "2022-08-15T08:01:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:2806-1",
"initial_release_date": "2022-08-15T08:01:18Z",
"revision_history": [
{
"date": "2022-08-15T08:01:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-53.34.1.aarch64",
"product": {
"name": "iscsiuio-0.7.8.2-53.34.1.aarch64",
"product_id": "iscsiuio-0.7.8.2-53.34.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-53.34.1.aarch64",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-53.34.1.aarch64",
"product_id": "libopeniscsiusr0_2_0-2.0.876-53.34.1.aarch64"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-53.34.1.aarch64",
"product": {
"name": "open-iscsi-2.0.876-53.34.1.aarch64",
"product_id": "open-iscsi-2.0.876-53.34.1.aarch64"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-53.34.1.aarch64",
"product": {
"name": "open-iscsi-devel-2.0.876-53.34.1.aarch64",
"product_id": "open-iscsi-devel-2.0.876-53.34.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-53.34.1.i586",
"product": {
"name": "iscsiuio-0.7.8.2-53.34.1.i586",
"product_id": "iscsiuio-0.7.8.2-53.34.1.i586"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-53.34.1.i586",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-53.34.1.i586",
"product_id": "libopeniscsiusr0_2_0-2.0.876-53.34.1.i586"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-53.34.1.i586",
"product": {
"name": "open-iscsi-2.0.876-53.34.1.i586",
"product_id": "open-iscsi-2.0.876-53.34.1.i586"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-53.34.1.i586",
"product": {
"name": "open-iscsi-devel-2.0.876-53.34.1.i586",
"product_id": "open-iscsi-devel-2.0.876-53.34.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-53.34.1.ppc64le",
"product": {
"name": "iscsiuio-0.7.8.2-53.34.1.ppc64le",
"product_id": "iscsiuio-0.7.8.2-53.34.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-53.34.1.ppc64le",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-53.34.1.ppc64le",
"product_id": "libopeniscsiusr0_2_0-2.0.876-53.34.1.ppc64le"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-53.34.1.ppc64le",
"product": {
"name": "open-iscsi-2.0.876-53.34.1.ppc64le",
"product_id": "open-iscsi-2.0.876-53.34.1.ppc64le"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-53.34.1.ppc64le",
"product": {
"name": "open-iscsi-devel-2.0.876-53.34.1.ppc64le",
"product_id": "open-iscsi-devel-2.0.876-53.34.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-53.34.1.s390",
"product": {
"name": "iscsiuio-0.7.8.2-53.34.1.s390",
"product_id": "iscsiuio-0.7.8.2-53.34.1.s390"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-53.34.1.s390",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-53.34.1.s390",
"product_id": "libopeniscsiusr0_2_0-2.0.876-53.34.1.s390"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-53.34.1.s390",
"product": {
"name": "open-iscsi-2.0.876-53.34.1.s390",
"product_id": "open-iscsi-2.0.876-53.34.1.s390"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-53.34.1.s390",
"product": {
"name": "open-iscsi-devel-2.0.876-53.34.1.s390",
"product_id": "open-iscsi-devel-2.0.876-53.34.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-53.34.1.s390x",
"product": {
"name": "iscsiuio-0.7.8.2-53.34.1.s390x",
"product_id": "iscsiuio-0.7.8.2-53.34.1.s390x"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-53.34.1.s390x",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-53.34.1.s390x",
"product_id": "libopeniscsiusr0_2_0-2.0.876-53.34.1.s390x"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-53.34.1.s390x",
"product": {
"name": "open-iscsi-2.0.876-53.34.1.s390x",
"product_id": "open-iscsi-2.0.876-53.34.1.s390x"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-53.34.1.s390x",
"product": {
"name": "open-iscsi-devel-2.0.876-53.34.1.s390x",
"product_id": "open-iscsi-devel-2.0.876-53.34.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-53.34.1.x86_64",
"product": {
"name": "iscsiuio-0.7.8.2-53.34.1.x86_64",
"product_id": "iscsiuio-0.7.8.2-53.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64",
"product_id": "libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-53.34.1.x86_64",
"product": {
"name": "open-iscsi-2.0.876-53.34.1.x86_64",
"product_id": "open-iscsi-2.0.876-53.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-53.34.1.x86_64",
"product": {
"name": "open-iscsi-devel-2.0.876-53.34.1.x86_64",
"product_id": "open-iscsi-devel-2.0.876-53.34.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-53.34.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:iscsiuio-0.7.8.2-53.34.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-53.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-53.34.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:open-iscsi-2.0.876-53.34.1.x86_64"
},
"product_reference": "open-iscsi-2.0.876-53.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13987"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:iscsiuio-0.7.8.2-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:open-iscsi-2.0.876-53.34.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13987",
"url": "https://www.suse.com/security/cve/CVE-2020-13987"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-13987",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-13987",
"url": "https://bugzilla.suse.com/1179908"
},
{
"category": "external",
"summary": "SUSE Bug 1193385 for CVE-2020-13987",
"url": "https://bugzilla.suse.com/1193385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:iscsiuio-0.7.8.2-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:open-iscsi-2.0.876-53.34.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:iscsiuio-0.7.8.2-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:open-iscsi-2.0.876-53.34.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-15T08:01:18Z",
"details": "important"
}
],
"title": "CVE-2020-13987"
},
{
"cve": "CVE-2020-13988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13988"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:iscsiuio-0.7.8.2-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:open-iscsi-2.0.876-53.34.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13988",
"url": "https://www.suse.com/security/cve/CVE-2020-13988"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-13988",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-13988",
"url": "https://bugzilla.suse.com/1179908"
},
{
"category": "external",
"summary": "SUSE Bug 1193385 for CVE-2020-13988",
"url": "https://bugzilla.suse.com/1193385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:iscsiuio-0.7.8.2-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:open-iscsi-2.0.876-53.34.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:iscsiuio-0.7.8.2-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:open-iscsi-2.0.876-53.34.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-15T08:01:18Z",
"details": "important"
}
],
"title": "CVE-2020-13988"
},
{
"cve": "CVE-2020-17437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-17437"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP3-BCL:iscsiuio-0.7.8.2-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:open-iscsi-2.0.876-53.34.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-17437",
"url": "https://www.suse.com/security/cve/CVE-2020-17437"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-17437",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-17437",
"url": "https://bugzilla.suse.com/1179908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP3-BCL:iscsiuio-0.7.8.2-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:open-iscsi-2.0.876-53.34.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP3-BCL:iscsiuio-0.7.8.2-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libopeniscsiusr0_2_0-2.0.876-53.34.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:open-iscsi-2.0.876-53.34.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-15T08:01:18Z",
"details": "important"
}
],
"title": "CVE-2020-17437"
}
]
}
suse-su-2021:1164-1
Vulnerability from csaf_suse
Published
2021-04-13 12:02
Modified
2021-04-13 12:02
Summary
Security update for open-iscsi
Notes
Title of the patch
Security update for open-iscsi
Description of the patch
This update for open-iscsi fixes the following issues:
- CVE-2020-17437: uIP Out-of-Bounds Write (bsc#1179908)
- CVE-2020-17438: uIP Out-of-Bounds Write (bsc#1179908)
- CVE-2020-13987: uIP Out-of-Bounds Read (bsc#1179908)
- CVE-2020-13988: uIP Integer Overflow (bsc#1179908)
- Enabled no-wait ('-W') iscsiadm option for iscsi login service (bsc#1173886, bsc#1183421)
- Added the ability to perform async logins (bsc#1173886)
Patchnames
SUSE-2021-1164,SUSE-SLE-Module-Legacy-15-SP2-2021-1164,SUSE-SLE-Module-Legacy-15-SP3-2021-1164,SUSE-SLE-Product-HPC-15-2021-1164,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1164,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1164,SUSE-SLE-Product-SLES-15-2021-1164,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1164,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1164,SUSE-SLE-Product-SLES_SAP-15-2021-1164,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1164,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1164,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1164,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1164,SUSE-Storage-6-2021-1164
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for open-iscsi",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for open-iscsi fixes the following issues:\n\n- CVE-2020-17437: uIP Out-of-Bounds Write (bsc#1179908)\n- CVE-2020-17438: uIP Out-of-Bounds Write (bsc#1179908)\n- CVE-2020-13987: uIP Out-of-Bounds Read (bsc#1179908)\n- CVE-2020-13988: uIP Integer Overflow (bsc#1179908)\n- Enabled no-wait (\u0027-W\u0027) iscsiadm option for iscsi login service (bsc#1173886, bsc#1183421)\n- Added the ability to perform async logins (bsc#1173886)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-1164,SUSE-SLE-Module-Legacy-15-SP2-2021-1164,SUSE-SLE-Module-Legacy-15-SP3-2021-1164,SUSE-SLE-Product-HPC-15-2021-1164,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1164,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1164,SUSE-SLE-Product-SLES-15-2021-1164,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1164,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1164,SUSE-SLE-Product-SLES_SAP-15-2021-1164,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1164,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1164,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1164,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1164,SUSE-Storage-6-2021-1164",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_1164-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:1164-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20211164-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:1164-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008619.html"
},
{
"category": "self",
"summary": "SUSE Bug 1173886",
"url": "https://bugzilla.suse.com/1173886"
},
{
"category": "self",
"summary": "SUSE Bug 1179908",
"url": "https://bugzilla.suse.com/1179908"
},
{
"category": "self",
"summary": "SUSE Bug 1183421",
"url": "https://bugzilla.suse.com/1183421"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13987 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13988 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-17437 page",
"url": "https://www.suse.com/security/cve/CVE-2020-17437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-17438 page",
"url": "https://www.suse.com/security/cve/CVE-2020-17438/"
}
],
"title": "Security update for open-iscsi",
"tracking": {
"current_release_date": "2021-04-13T12:02:36Z",
"generator": {
"date": "2021-04-13T12:02:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:1164-1",
"initial_release_date": "2021-04-13T12:02:36Z",
"revision_history": [
{
"date": "2021-04-13T12:02:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-13.42.1.aarch64",
"product": {
"name": "iscsiuio-0.7.8.2-13.42.1.aarch64",
"product_id": "iscsiuio-0.7.8.2-13.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"product_id": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-13.42.1.aarch64",
"product": {
"name": "open-iscsi-2.0.876-13.42.1.aarch64",
"product_id": "open-iscsi-2.0.876-13.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-13.42.1.aarch64",
"product": {
"name": "open-iscsi-devel-2.0.876-13.42.1.aarch64",
"product_id": "open-iscsi-devel-2.0.876-13.42.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-13.42.1.i586",
"product": {
"name": "iscsiuio-0.7.8.2-13.42.1.i586",
"product_id": "iscsiuio-0.7.8.2-13.42.1.i586"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.i586",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.i586",
"product_id": "libopeniscsiusr0_2_0-2.0.876-13.42.1.i586"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-13.42.1.i586",
"product": {
"name": "open-iscsi-2.0.876-13.42.1.i586",
"product_id": "open-iscsi-2.0.876-13.42.1.i586"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-13.42.1.i586",
"product": {
"name": "open-iscsi-devel-2.0.876-13.42.1.i586",
"product_id": "open-iscsi-devel-2.0.876-13.42.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-13.42.1.ppc64le",
"product": {
"name": "iscsiuio-0.7.8.2-13.42.1.ppc64le",
"product_id": "iscsiuio-0.7.8.2-13.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"product_id": "libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-13.42.1.ppc64le",
"product": {
"name": "open-iscsi-2.0.876-13.42.1.ppc64le",
"product_id": "open-iscsi-2.0.876-13.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"product": {
"name": "open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"product_id": "open-iscsi-devel-2.0.876-13.42.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-13.42.1.s390x",
"product": {
"name": "iscsiuio-0.7.8.2-13.42.1.s390x",
"product_id": "iscsiuio-0.7.8.2-13.42.1.s390x"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"product_id": "libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-13.42.1.s390x",
"product": {
"name": "open-iscsi-2.0.876-13.42.1.s390x",
"product_id": "open-iscsi-2.0.876-13.42.1.s390x"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-13.42.1.s390x",
"product": {
"name": "open-iscsi-devel-2.0.876-13.42.1.s390x",
"product_id": "open-iscsi-devel-2.0.876-13.42.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"product": {
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"product_id": "iscsiuio-0.7.8.2-13.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"product": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"product_id": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "open-iscsi-2.0.876-13.42.1.x86_64",
"product": {
"name": "open-iscsi-2.0.876-13.42.1.x86_64",
"product_id": "open-iscsi-2.0.876-13.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"product": {
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"product_id": "open-iscsi-devel-2.0.876-13.42.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.0",
"product": {
"name": "SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.0",
"product": {
"name": "SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.0",
"product": {
"name": "SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.s390x"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:iscsiuio-0.7.8.2-13.42.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-devel-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.s390x"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.ppc64le"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.ppc64le"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.ppc64le"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.ppc64le"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.ppc64le"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.ppc64le"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:open-iscsi-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.ppc64le as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.ppc64le"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.s390x as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.s390x"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.ppc64le as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.ppc64le"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.s390x as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.s390x"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.ppc64le as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.ppc64le"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.s390x as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.s390x"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.aarch64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsiuio-0.7.8.2-13.42.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.x86_64"
},
"product_reference": "iscsiuio-0.7.8.2-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64"
},
"product_reference": "libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.aarch64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-2.0.876-13.42.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.aarch64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "open-iscsi-devel-2.0.876-13.42.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.x86_64"
},
"product_reference": "open-iscsi-devel-2.0.876-13.42.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13987"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13987",
"url": "https://www.suse.com/security/cve/CVE-2020-13987"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-13987",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-13987",
"url": "https://bugzilla.suse.com/1179908"
},
{
"category": "external",
"summary": "SUSE Bug 1193385 for CVE-2020-13987",
"url": "https://bugzilla.suse.com/1193385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-13T12:02:36Z",
"details": "important"
}
],
"title": "CVE-2020-13987"
},
{
"cve": "CVE-2020-13988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13988"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13988",
"url": "https://www.suse.com/security/cve/CVE-2020-13988"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-13988",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-13988",
"url": "https://bugzilla.suse.com/1179908"
},
{
"category": "external",
"summary": "SUSE Bug 1193385 for CVE-2020-13988",
"url": "https://bugzilla.suse.com/1193385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-13T12:02:36Z",
"details": "important"
}
],
"title": "CVE-2020-13988"
},
{
"cve": "CVE-2020-17437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-17437"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-17437",
"url": "https://www.suse.com/security/cve/CVE-2020-17437"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-17437",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-17437",
"url": "https://bugzilla.suse.com/1179908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-13T12:02:36Z",
"details": "important"
}
],
"title": "CVE-2020-17437"
},
{
"cve": "CVE-2020-17438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-17438"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-17438",
"url": "https://www.suse.com/security/cve/CVE-2020-17438"
},
{
"category": "external",
"summary": "SUSE Bug 1179907 for CVE-2020-17438",
"url": "https://bugzilla.suse.com/1179907"
},
{
"category": "external",
"summary": "SUSE Bug 1179908 for CVE-2020-17438",
"url": "https://bugzilla.suse.com/1179908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Enterprise Storage 6:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Enterprise Storage 6:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Proxy 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.ppc64le",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.s390x",
"SUSE Manager Server 4.0:iscsiuio-0.7.8.2-13.42.1.x86_64",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:libopeniscsiusr0_2_0-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-2.0.876-13.42.1.x86_64",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.ppc64le",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.s390x",
"SUSE Manager Server 4.0:open-iscsi-devel-2.0.876-13.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-13T12:02:36Z",
"details": "important"
}
],
"title": "CVE-2020-17438"
}
]
}
cnvd-2021-16433
Vulnerability from cnvd
Title: Contiki越界读取漏洞
Description:
Contiki是一款用于内存受限系统的开源、高度可移植、网络化的多任务操作系统。
Contiki中的uIP TCP/IP Stack组件中的net/ipv4/uip.c中的upper_layer_chksum在计算IP数据包的校验和时存在越界读取漏洞。攻击者可利用漏洞通过发送构建的IP数据包在设备上触发拒绝服务条件。
Severity: 中
Patch Name: Contiki越界读取漏洞的补丁
Patch Description:
Contiki是一款用于内存受限系统的开源、高度可移植、网络化的多任务操作系统。
Contiki中的uIP TCP/IP Stack组件中的net/ipv4/uip.c中的upper_layer_chksum在计算IP数据包的校验和时存在越界读取漏洞。攻击者可利用漏洞通过发送构建的IP数据包在设备上触发拒绝服务条件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13987
Impacted products
| Name | Contiki Contiki 3.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-13987",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-13987"
}
},
"description": "Contiki\u662f\u4e00\u6b3e\u7528\u4e8e\u5185\u5b58\u53d7\u9650\u7cfb\u7edf\u7684\u5f00\u6e90\u3001\u9ad8\u5ea6\u53ef\u79fb\u690d\u3001\u7f51\u7edc\u5316\u7684\u591a\u4efb\u52a1\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nContiki\u4e2d\u7684uIP TCP/IP Stack\u7ec4\u4ef6\u4e2d\u7684net/ipv4/uip.c\u4e2d\u7684upper_layer_chksum\u5728\u8ba1\u7b97IP\u6570\u636e\u5305\u7684\u6821\u9a8c\u548c\u65f6\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u6784\u5efa\u7684IP\u6570\u636e\u5305\u5728\u8bbe\u5907\u4e0a\u89e6\u53d1\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://us-cert.cisa.gov/ics/advisories/icsa-20-343-01",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-16433",
"openTime": "2021-03-11",
"patchDescription": "Contiki\u662f\u4e00\u6b3e\u7528\u4e8e\u5185\u5b58\u53d7\u9650\u7cfb\u7edf\u7684\u5f00\u6e90\u3001\u9ad8\u5ea6\u53ef\u79fb\u690d\u3001\u7f51\u7edc\u5316\u7684\u591a\u4efb\u52a1\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nContiki\u4e2d\u7684uIP TCP/IP Stack\u7ec4\u4ef6\u4e2d\u7684net/ipv4/uip.c\u4e2d\u7684upper_layer_chksum\u5728\u8ba1\u7b97IP\u6570\u636e\u5305\u7684\u6821\u9a8c\u548c\u65f6\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u6784\u5efa\u7684IP\u6570\u636e\u5305\u5728\u8bbe\u5907\u4e0a\u89e6\u53d1\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Contiki\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Contiki Contiki 3.0"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-13987",
"serverity": "\u4e2d",
"submitTime": "2020-12-14",
"title": "Contiki\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e"
}
gsd-2020-13987
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-13987",
"description": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.",
"id": "GSD-2020-13987",
"references": [
"https://www.suse.com/security/cve/CVE-2020-13987.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-13987"
],
"details": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.",
"id": "GSD-2020-13987",
"modified": "2023-12-13T01:21:47.172039Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kb.cert.org/vuls/id/815128",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/815128"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:uip_project:uip:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:contiki-os:contiki:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0",
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:open-iscsi_project:open-iscsi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sentron_3va_com100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sentron_3va_com100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sentron_3va_com800_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sentron_3va_com800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sentron_pac3200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.4.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sentron_pac3200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sentron_pac4200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sentron_pac4200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13987"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"name": "https://www.kb.cert.org/vuls/id/815128",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/815128"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-08-06T03:52Z",
"publishedDate": "2020-12-11T22:15Z"
}
}
}
icsa-21-068-06
Vulnerability from csaf_cisa
Published
2021-03-09 00:00
Modified
2025-05-06 06:00
Summary
Siemens TCP/IP Stack Vulnerabilities-AMNESIA:33 in SENTRON PAC / 3VA Devices (Update C)
Notes
Summary
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as "AMNESIA:33" vulnerabilities.
This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.
The impact of another "AMNESIA:33" vulnerability (CVE-2020-13988) is described in Siemens Security Advisory SSA-541017.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
},
{
"organization": "Cybersecurity and Infrastructure Security Agency (CISA)",
"summary": "coordination efforts"
},
{
"organization": "CERT Coordination Center (CERT/CC)",
"summary": "coordination efforts"
},
{
"names": [
"Daniel dos Santos",
"Jos Wetzels",
"Amine Amri"
],
"organization": "Forescout Technologies",
"summary": "coordinated disclosure"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as \"AMNESIA:33\" vulnerabilities.\n\nThis advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.\n\nThe impact of another \"AMNESIA:33\" vulnerability (CVE-2020-13988) is described in Siemens Security Advisory SSA-541017.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-541018: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2) - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-541018.json"
},
{
"category": "self",
"summary": "SSA-541018: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2) - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-541018.txt"
},
{
"category": "self",
"summary": "SSA-541018: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2) - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-068-06 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-068-06.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-068-06 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-068-06"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens TCP/IP Stack Vulnerabilities-AMNESIA:33 in SENTRON PAC / 3VA Devices (Update C)",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-068-06",
"initial_release_date": "2021-03-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-03-09T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-05-11T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added download link of update version for SENTRON PAC3220"
},
{
"date": "2021-08-10T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added solution for SENTRON 3VA COM100/800 and DSP800"
},
{
"date": "2021-10-12T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added solution for PAC3200T"
},
{
"date": "2022-02-08T00:00:00.000000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Added solution for SENTRON PAC2200 (with and without MID approval)"
},
{
"date": "2022-03-08T00:00:00.000000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Added download link of update version for SENTRON PAC2200"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "7",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.4.1",
"product": {
"name": "SENTRON 3VA COM100/800",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SENTRON 3VA COM100/800"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.0",
"product": {
"name": "SENTRON 3VA DSP800",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SENTRON 3VA DSP800"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SENTRON PAC2200 (with CLP Approval)",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SENTRON PAC2200 (with CLP Approval)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.2",
"product": {
"name": "SENTRON PAC2200 (with MID Approval)",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SENTRON PAC2200 (with MID Approval)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.2",
"product": {
"name": "SENTRON PAC2200 (without MID Approval)",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SENTRON PAC2200 (without MID Approval)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.4.7",
"product": {
"name": "SENTRON PAC3200",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "SENTRON PAC3200"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.2",
"product": {
"name": "SENTRON PAC3200T",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SENTRON PAC3200T"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.0",
"product": {
"name": "SENTRON PAC3220",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "SENTRON PAC3220"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.3.0",
"product": {
"name": "SENTRON PAC4200",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "SENTRON PAC4200"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13987",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The TCP/IP stack (uIP) in affected devices is vulnerable to out-of-bounds read when calculating the checksum for IP packets. (FSCT-2020-0009)\n\nAn attacker located in the same network could trigger a Denial-of-Service condition on the device by sending a specially crafted IP packet.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0006",
"CSAFPID-0009"
]
},
"references": [
{
"summary": "CVE-2020-13987 - SENTRON 3VA COM100/800",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109765343/"
},
{
"summary": "CVE-2020-13987 - SENTRON PAC3200",
"url": "https://support.industry.siemens.com/cs/ww/en/view/31674577/"
},
{
"summary": "CVE-2020-13987 - SENTRON PAC4200",
"url": "https://support.industry.siemens.com/cs/ww/en/view/35029840/"
},
{
"summary": "CVE-2020-13987 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-13987.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.4.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109765343/"
},
{
"category": "vendor_fix",
"details": "Update to V2.4.7 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/31674577/"
},
{
"category": "vendor_fix",
"details": "Update to V2.3.0 or later version",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/35029840/"
},
{
"category": "mitigation",
"details": "For successful exploitation, an attacking system must be located in the same Modbus TCP segment as a vulnerable device. Therefore ensure that only trusted systems are attached to that segment and only trusted persons have access.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0006",
"CSAFPID-0009"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0006",
"CSAFPID-0009"
]
}
],
"title": "CVE-2020-13987"
},
{
"cve": "CVE-2020-17437",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The TCP/IP stack (uIP) in affected devices is vulnerable to out-of-bounds write when processing TCP packets with urgent pointer (URG) where the location of the TCP data payload is calculated improperly. (FSCT-2020-0018)\n\nAn attacker located in the same network could trigger a Denial-of-Service condition on the device by sending a specially crafted IP packet.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"summary": "CVE-2020-17437 - SENTRON 3VA COM100/800",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109765343/"
},
{
"summary": "CVE-2020-17437 - SENTRON 3VA DSP800",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109799046/"
},
{
"summary": "CVE-2020-17437 - SENTRON PAC2200 (without MID Approval)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109760897/"
},
{
"summary": "CVE-2020-17437 - SENTRON PAC3200",
"url": "https://support.industry.siemens.com/cs/ww/en/view/31674577/"
},
{
"summary": "CVE-2020-17437 - SENTRON PAC3200T",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793060/"
},
{
"summary": "CVE-2020-17437 - SENTRON PAC3220",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109780938/"
},
{
"summary": "CVE-2020-17437 - SENTRON PAC4200",
"url": "https://support.industry.siemens.com/cs/ww/en/view/35029840/"
},
{
"summary": "CVE-2020-17437 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-17437.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.4.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109765343/"
},
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109799046/"
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "MID-certified devices do not support firmware updates; V3.2.2 is contained in devices that are labeled as \"M22 MID\"",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.2.2 or later version",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109760897/"
},
{
"category": "vendor_fix",
"details": "Update to V2.4.7 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/31674577/"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.2 or later version",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793060/"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.0 or later version",
"product_ids": [
"CSAFPID-0008"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109780938/"
},
{
"category": "vendor_fix",
"details": "Update to V2.3.0 or later version",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/35029840/"
},
{
"category": "mitigation",
"details": "For successful exploitation, an attacking system must be located in the same Modbus TCP segment as a vulnerable device. Therefore ensure that only trusted systems are attached to that segment and only trusted persons have access.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
],
"title": "CVE-2020-17437"
}
]
}
ICSA-21-068-06
Vulnerability from csaf_cisa
Published
2021-03-09 00:00
Modified
2025-05-06 06:00
Summary
Siemens TCP/IP Stack Vulnerabilities-AMNESIA:33 in SENTRON PAC / 3VA Devices (Update C)
Notes
Summary
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as "AMNESIA:33" vulnerabilities.
This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.
The impact of another "AMNESIA:33" vulnerability (CVE-2020-13988) is described in Siemens Security Advisory SSA-541017.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
},
{
"organization": "Cybersecurity and Infrastructure Security Agency (CISA)",
"summary": "coordination efforts"
},
{
"organization": "CERT Coordination Center (CERT/CC)",
"summary": "coordination efforts"
},
{
"names": [
"Daniel dos Santos",
"Jos Wetzels",
"Amine Amri"
],
"organization": "Forescout Technologies",
"summary": "coordinated disclosure"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as \"AMNESIA:33\" vulnerabilities.\n\nThis advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.\n\nThe impact of another \"AMNESIA:33\" vulnerability (CVE-2020-13988) is described in Siemens Security Advisory SSA-541017.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-541018: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2) - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-541018.json"
},
{
"category": "self",
"summary": "SSA-541018: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2) - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-541018.txt"
},
{
"category": "self",
"summary": "SSA-541018: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2) - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-068-06 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-068-06.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-068-06 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-068-06"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens TCP/IP Stack Vulnerabilities-AMNESIA:33 in SENTRON PAC / 3VA Devices (Update C)",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-068-06",
"initial_release_date": "2021-03-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-03-09T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-05-11T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added download link of update version for SENTRON PAC3220"
},
{
"date": "2021-08-10T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added solution for SENTRON 3VA COM100/800 and DSP800"
},
{
"date": "2021-10-12T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added solution for PAC3200T"
},
{
"date": "2022-02-08T00:00:00.000000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Added solution for SENTRON PAC2200 (with and without MID approval)"
},
{
"date": "2022-03-08T00:00:00.000000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Added download link of update version for SENTRON PAC2200"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "7",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.4.1",
"product": {
"name": "SENTRON 3VA COM100/800",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SENTRON 3VA COM100/800"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.0",
"product": {
"name": "SENTRON 3VA DSP800",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SENTRON 3VA DSP800"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SENTRON PAC2200 (with CLP Approval)",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SENTRON PAC2200 (with CLP Approval)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.2",
"product": {
"name": "SENTRON PAC2200 (with MID Approval)",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SENTRON PAC2200 (with MID Approval)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.2",
"product": {
"name": "SENTRON PAC2200 (without MID Approval)",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SENTRON PAC2200 (without MID Approval)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.4.7",
"product": {
"name": "SENTRON PAC3200",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "SENTRON PAC3200"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.2",
"product": {
"name": "SENTRON PAC3200T",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SENTRON PAC3200T"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.0",
"product": {
"name": "SENTRON PAC3220",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "SENTRON PAC3220"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.3.0",
"product": {
"name": "SENTRON PAC4200",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "SENTRON PAC4200"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13987",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The TCP/IP stack (uIP) in affected devices is vulnerable to out-of-bounds read when calculating the checksum for IP packets. (FSCT-2020-0009)\n\nAn attacker located in the same network could trigger a Denial-of-Service condition on the device by sending a specially crafted IP packet.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0006",
"CSAFPID-0009"
]
},
"references": [
{
"summary": "CVE-2020-13987 - SENTRON 3VA COM100/800",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109765343/"
},
{
"summary": "CVE-2020-13987 - SENTRON PAC3200",
"url": "https://support.industry.siemens.com/cs/ww/en/view/31674577/"
},
{
"summary": "CVE-2020-13987 - SENTRON PAC4200",
"url": "https://support.industry.siemens.com/cs/ww/en/view/35029840/"
},
{
"summary": "CVE-2020-13987 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-13987.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.4.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109765343/"
},
{
"category": "vendor_fix",
"details": "Update to V2.4.7 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/31674577/"
},
{
"category": "vendor_fix",
"details": "Update to V2.3.0 or later version",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/35029840/"
},
{
"category": "mitigation",
"details": "For successful exploitation, an attacking system must be located in the same Modbus TCP segment as a vulnerable device. Therefore ensure that only trusted systems are attached to that segment and only trusted persons have access.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0006",
"CSAFPID-0009"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0006",
"CSAFPID-0009"
]
}
],
"title": "CVE-2020-13987"
},
{
"cve": "CVE-2020-17437",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The TCP/IP stack (uIP) in affected devices is vulnerable to out-of-bounds write when processing TCP packets with urgent pointer (URG) where the location of the TCP data payload is calculated improperly. (FSCT-2020-0018)\n\nAn attacker located in the same network could trigger a Denial-of-Service condition on the device by sending a specially crafted IP packet.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"summary": "CVE-2020-17437 - SENTRON 3VA COM100/800",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109765343/"
},
{
"summary": "CVE-2020-17437 - SENTRON 3VA DSP800",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109799046/"
},
{
"summary": "CVE-2020-17437 - SENTRON PAC2200 (without MID Approval)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109760897/"
},
{
"summary": "CVE-2020-17437 - SENTRON PAC3200",
"url": "https://support.industry.siemens.com/cs/ww/en/view/31674577/"
},
{
"summary": "CVE-2020-17437 - SENTRON PAC3200T",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793060/"
},
{
"summary": "CVE-2020-17437 - SENTRON PAC3220",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109780938/"
},
{
"summary": "CVE-2020-17437 - SENTRON PAC4200",
"url": "https://support.industry.siemens.com/cs/ww/en/view/35029840/"
},
{
"summary": "CVE-2020-17437 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-17437.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.4.1 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109765343/"
},
{
"category": "vendor_fix",
"details": "Update to V4.0 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109799046/"
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "MID-certified devices do not support firmware updates; V3.2.2 is contained in devices that are labeled as \"M22 MID\"",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.2.2 or later version",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109760897/"
},
{
"category": "vendor_fix",
"details": "Update to V2.4.7 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/31674577/"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.2 or later version",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793060/"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.0 or later version",
"product_ids": [
"CSAFPID-0008"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109780938/"
},
{
"category": "vendor_fix",
"details": "Update to V2.3.0 or later version",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/35029840/"
},
{
"category": "mitigation",
"details": "For successful exploitation, an attacking system must be located in the same Modbus TCP segment as a vulnerable device. Therefore ensure that only trusted systems are attached to that segment and only trusted persons have access.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
],
"title": "CVE-2020-17437"
}
]
}
icsa-20-343-01
Vulnerability from csaf_cisa
Published
2020-12-08 00:00
Modified
2020-12-08 00:00
Summary
Multiple Embedded TCP/IP Stacks
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow attackers to corrupt memory, put devices into infinite loops, access unauthorized data, and/or poison DNS cache.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Various
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"names": [
"Daniel dos Santos",
"Stanislav Dashevskyi",
"Jos Wetzels",
"Amine Amri"
],
"organization": "Forescout Research Labs",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow attackers to corrupt memory, put devices into infinite loops, access unauthorized data, and/or poison DNS cache.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Various",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-20-343-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-343-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-20-343-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-343-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Multiple Embedded TCP/IP Stacks",
"tracking": {
"current_release_date": "2020-12-08T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-20-343-01",
"initial_release_date": "2020-12-08T00:00:00.000000Z",
"revision_history": [
{
"date": "2020-12-08T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-20-343-01 Multiple Embedded TCP-IP Stacks"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.0",
"product": {
"name": "uIP (EOL): Version 1.0 and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "uIP (EOL)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 4.5",
"product": {
"name": "uIP-Contiki-NG: Version 4.5 and prior",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "uIP-Contiki-NG"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.1",
"product": {
"name": "Nut/Net: Version 5.1 and prior",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Nut/Net"
},
{
"branches": [
{
"category": "product_version",
"name": "4.6.3",
"product": {
"name": "FNET: Version 4.6.3",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "FNET"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 2.1.12",
"product": {
"name": "open-iscsi: Version 2.1.12 and prior",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "open-iscsi"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.7.0",
"product": {
"name": "picoTCP (EOL): Version 1.7.0 and prior",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "picoTCP (EOL)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 3.0",
"product": {
"name": "uIP-Contiki-OS (end-of-life [EOL]): Version 3.0 and prior",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "uIP-Contiki-OS (end-of-life [EOL])"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.7.0",
"product": {
"name": "picoTCP-NG: Version 1.7.0 and prior",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "picoTCP-NG"
}
],
"category": "vendor",
"name": "multiple open source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13984",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The function used in uIP-Contiki-OS to process IPv6 extension headers and extension header options can be forced into an infinite loop state due to unchecked header/option lengths.CVE-2020-13984 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13984"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-13985",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The function used in uIP-Contiki-OS to decapsulate RPL extension headers does not check for unsafe integer conversion when parsing the values provided in a header, allowing an attacker to corrupt memory.CVE-2020-13985 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13985"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-13986",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The function used in uIP-Contiki-OS to decapsulate RPL extension headers does not check the length value of an RPL extension header received, allowing an attacker to cause it to enter an infinite loop.CVE-2020-13986 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13986"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-13987",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in open-iscsi, uIP-Contiki-OS, and uIP that parses incoming transport layer packets (TCP/UDP) does not check the length fields of packet headers against the data available in the packets. Given arbitrary lengths, an out-of-bounds memory read may be performed during the checksum computation.CVE-2020-13987 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13987"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-13988",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The function in open-iscsi, uIP-Contiki-OS, and uIP that parses the TCP MSS option does not check the validity of the length field of this option, allowing an attacker to force it into an infinite loop when arbitrary TCP MSS values are supplied.CVE-2020-13988 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13988"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17437",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "When handling TCP urgent data in open-iscsi, uIP-Contiki-OS, and uIP, there are no sanity checks for the value of the urgent data pointer, allowing an attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets.CVE-2020-17437 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17437"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17438",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The function in open-iscsi and uIP that reassembles fragmented packets does not validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. This could lead to memory corruption.CVE-2020-17438 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17438"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17439",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Incoming DNS replies in uIP are parsed by the DNS client even if there were no outgoing queries. The DNS transaction ID is not sufficiently random. Provided that the DNS cache is quite small (four entries), this facilitates DNS cache poisoning attacks.CVE-2020-17439 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17439"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17440",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "When parsing incoming DNS packets in uIP-Contiki-NG, uIP-Contiki-OS, and uIP, there are no checks whether domain names are null-terminated. This allows an attacker to achieve memory corruption with crafted DNS responses.CVE-2020-17440 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17440"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17441",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In picoTCP-NG and picoTCP the payload length field of IPv6 extension headers are not checked against the data available in incoming packets, allowing an attacker to corrupt memory.CVE-2020-17441 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17441"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17442",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The function in picoTCP-NG and picoTCP that processes the hop-by-hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing an attacker to cause the function to enter an infinite loop by supplying arbitrary length values.CVE-2020-17442 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17442"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17443",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "When processing ICMPv6 echo requests in picoTCP-NG and picoTCP, there are no checks for whether the ICMPv6 header consists of at least 8 bytes (set by RFC443). This leads to the function that creates ICMPv6 echo replies based on a received request with a smaller header to corrupt memory.CVE-2020-17443 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17443"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17444",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The function in picoTCP-NG and picoTCP that processes IPv6 headers does not check the lengths of extension header options, allowing an attacker to force this function into an infinite loop with crafted length values.CVE-2020-17444 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17444"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17445",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in picoTCP-NG and picoTCP that processes the IPv6 destination options extension header does not check the validity of its options lengths, allowing an attacker to corrupt memory and/or put the function into an infinite loop with crafted length values.CVE-2020-17445 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17445"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17467",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in FNET does not check whether domain names are null terminated when parsing Link-local Multicast Name Resolution (LLMNR) requests. This may allow an attacker to read out of bounds.CVE-2020-17467 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17467"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17468",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in FNET that processes the IPv6 hop-by-hop extension header does not check the validity of its options lengths, allowing an attacker to corrupt memory.CVE-2020-17468 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17468"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17469",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The IPv6 packet reassembly function in FNET does not check whether the received fragments are properly aligned in memory, allowing an attacker to perform memory corruption with crafted IPv6 fragmented packets.CVE-2020-17469 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17469"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17470",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The function in FNET that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they will be always set to 1), facilitating DNS cache poisoning attacks.CVE-2020-17470 has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17470"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24334",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in uIP-Contiki-NG, uIP-Contiki-OS, and uIP that processes DNS responses does not check whether the number of responses specified in the DNS packet header correspond to the response data available in the DNS packet, which may allow an attacker to corrupt memory.CVE-2020-24334 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24334"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24335",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in uIP-Contiki-NG, uIP-Contiki-OS, and uIP that parses domain names lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.CVE-2020-24335 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24335"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24336",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in uIP-Contiki-NG and uIP-Contiki-OS for parsing DNS records in DNS response packets sent over NAT64 does not validate the length field of the response records, allowing an attacker to corrupt memory.CVE-2020-24336 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24336"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24337",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The function in picoTCP-NG and picoTCP that processes TCP options does not validate their lengths, allowing an attacker to put the function into an infinite loop with uncommon/unsupported TCP options that have crafted length values.CVE-2020-24337 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24337"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24338",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The function in picoTCP and picoTCP-NG that parses domain names lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.CVE-2020-24338 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24338"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24339",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in picoTCP and picoTCP-NG that processes DNS responses does not check whether the number of responses specified in the DNS packet header correspond to the response data available in the DNS packet, allowing an attacker to perform memory corruption.CVE-2020-24339 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24339"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24340",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in picoTCP and picoTCP-NG that processes DNS responses does not check whether the number of responses specified in the DNS packet header correspond to the response data available in the DNS packet, allowing an attacker to perform memory corruption.CVE-2020-24340 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24340"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24341",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The TCP input data processing function in picoTCP-NG and picoTCP does not validate the length of incoming TCP packets, allowing an attacker to read out of bounds and perform memory corruption.CVE-2020-24341 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24341"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24383",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "When parsing incoming DNS packets in FNET,there are no checks whether domain names are null-terminated. This may allow an attacker to achieve memory corruption and/or memory leak.CVE-2020-24383 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24383"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-25107",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.CVE-2020-25107 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25107"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-25108",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.CVE-2020-25108 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25108"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-25109",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.CVE-2020-25109 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25109"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-25110",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.CVE-2020-25110 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25110"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-25111",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.CVE-2020-25111 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25111"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-25112",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Vulnerabilities in uIP-Contiki-OS (EOL) provide insufficient checks for the IPv4/IPv6 header length and inconsistent checks for the IPv6 header extension lengths, which may allow an attacker to corrupt memory.CVE-2020-25112 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25112"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
}
]
}
ICSA-20-343-01
Vulnerability from csaf_cisa
Published
2020-12-08 00:00
Modified
2020-12-08 00:00
Summary
Multiple Embedded TCP/IP Stacks
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow attackers to corrupt memory, put devices into infinite loops, access unauthorized data, and/or poison DNS cache.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Various
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"names": [
"Daniel dos Santos",
"Stanislav Dashevskyi",
"Jos Wetzels",
"Amine Amri"
],
"organization": "Forescout Research Labs",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow attackers to corrupt memory, put devices into infinite loops, access unauthorized data, and/or poison DNS cache.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Various",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-20-343-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-343-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-20-343-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-343-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Multiple Embedded TCP/IP Stacks",
"tracking": {
"current_release_date": "2020-12-08T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-20-343-01",
"initial_release_date": "2020-12-08T00:00:00.000000Z",
"revision_history": [
{
"date": "2020-12-08T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-20-343-01 Multiple Embedded TCP-IP Stacks"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.0",
"product": {
"name": "uIP (EOL): Version 1.0 and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "uIP (EOL)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 4.5",
"product": {
"name": "uIP-Contiki-NG: Version 4.5 and prior",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "uIP-Contiki-NG"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.1",
"product": {
"name": "Nut/Net: Version 5.1 and prior",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Nut/Net"
},
{
"branches": [
{
"category": "product_version",
"name": "4.6.3",
"product": {
"name": "FNET: Version 4.6.3",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "FNET"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 2.1.12",
"product": {
"name": "open-iscsi: Version 2.1.12 and prior",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "open-iscsi"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.7.0",
"product": {
"name": "picoTCP (EOL): Version 1.7.0 and prior",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "picoTCP (EOL)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 3.0",
"product": {
"name": "uIP-Contiki-OS (end-of-life [EOL]): Version 3.0 and prior",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "uIP-Contiki-OS (end-of-life [EOL])"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.7.0",
"product": {
"name": "picoTCP-NG: Version 1.7.0 and prior",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "picoTCP-NG"
}
],
"category": "vendor",
"name": "multiple open source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13984",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The function used in uIP-Contiki-OS to process IPv6 extension headers and extension header options can be forced into an infinite loop state due to unchecked header/option lengths.CVE-2020-13984 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13984"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-13985",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The function used in uIP-Contiki-OS to decapsulate RPL extension headers does not check for unsafe integer conversion when parsing the values provided in a header, allowing an attacker to corrupt memory.CVE-2020-13985 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13985"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-13986",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The function used in uIP-Contiki-OS to decapsulate RPL extension headers does not check the length value of an RPL extension header received, allowing an attacker to cause it to enter an infinite loop.CVE-2020-13986 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13986"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-13987",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in open-iscsi, uIP-Contiki-OS, and uIP that parses incoming transport layer packets (TCP/UDP) does not check the length fields of packet headers against the data available in the packets. Given arbitrary lengths, an out-of-bounds memory read may be performed during the checksum computation.CVE-2020-13987 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13987"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-13988",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The function in open-iscsi, uIP-Contiki-OS, and uIP that parses the TCP MSS option does not check the validity of the length field of this option, allowing an attacker to force it into an infinite loop when arbitrary TCP MSS values are supplied.CVE-2020-13988 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13988"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17437",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "When handling TCP urgent data in open-iscsi, uIP-Contiki-OS, and uIP, there are no sanity checks for the value of the urgent data pointer, allowing an attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets.CVE-2020-17437 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17437"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17438",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The function in open-iscsi and uIP that reassembles fragmented packets does not validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. This could lead to memory corruption.CVE-2020-17438 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17438"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17439",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Incoming DNS replies in uIP are parsed by the DNS client even if there were no outgoing queries. The DNS transaction ID is not sufficiently random. Provided that the DNS cache is quite small (four entries), this facilitates DNS cache poisoning attacks.CVE-2020-17439 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17439"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17440",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "When parsing incoming DNS packets in uIP-Contiki-NG, uIP-Contiki-OS, and uIP, there are no checks whether domain names are null-terminated. This allows an attacker to achieve memory corruption with crafted DNS responses.CVE-2020-17440 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17440"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17441",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In picoTCP-NG and picoTCP the payload length field of IPv6 extension headers are not checked against the data available in incoming packets, allowing an attacker to corrupt memory.CVE-2020-17441 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17441"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17442",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The function in picoTCP-NG and picoTCP that processes the hop-by-hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing an attacker to cause the function to enter an infinite loop by supplying arbitrary length values.CVE-2020-17442 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17442"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17443",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "When processing ICMPv6 echo requests in picoTCP-NG and picoTCP, there are no checks for whether the ICMPv6 header consists of at least 8 bytes (set by RFC443). This leads to the function that creates ICMPv6 echo replies based on a received request with a smaller header to corrupt memory.CVE-2020-17443 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17443"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17444",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The function in picoTCP-NG and picoTCP that processes IPv6 headers does not check the lengths of extension header options, allowing an attacker to force this function into an infinite loop with crafted length values.CVE-2020-17444 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17444"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17445",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in picoTCP-NG and picoTCP that processes the IPv6 destination options extension header does not check the validity of its options lengths, allowing an attacker to corrupt memory and/or put the function into an infinite loop with crafted length values.CVE-2020-17445 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17445"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17467",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in FNET does not check whether domain names are null terminated when parsing Link-local Multicast Name Resolution (LLMNR) requests. This may allow an attacker to read out of bounds.CVE-2020-17467 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17467"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17468",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in FNET that processes the IPv6 hop-by-hop extension header does not check the validity of its options lengths, allowing an attacker to corrupt memory.CVE-2020-17468 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17468"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17469",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The IPv6 packet reassembly function in FNET does not check whether the received fragments are properly aligned in memory, allowing an attacker to perform memory corruption with crafted IPv6 fragmented packets.CVE-2020-17469 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17469"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-17470",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The function in FNET that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they will be always set to 1), facilitating DNS cache poisoning attacks.CVE-2020-17470 has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17470"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24334",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in uIP-Contiki-NG, uIP-Contiki-OS, and uIP that processes DNS responses does not check whether the number of responses specified in the DNS packet header correspond to the response data available in the DNS packet, which may allow an attacker to corrupt memory.CVE-2020-24334 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24334"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24335",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in uIP-Contiki-NG, uIP-Contiki-OS, and uIP that parses domain names lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.CVE-2020-24335 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24335"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24336",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in uIP-Contiki-NG and uIP-Contiki-OS for parsing DNS records in DNS response packets sent over NAT64 does not validate the length field of the response records, allowing an attacker to corrupt memory.CVE-2020-24336 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24336"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24337",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The function in picoTCP-NG and picoTCP that processes TCP options does not validate their lengths, allowing an attacker to put the function into an infinite loop with uncommon/unsupported TCP options that have crafted length values.CVE-2020-24337 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24337"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24338",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The function in picoTCP and picoTCP-NG that parses domain names lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.CVE-2020-24338 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24338"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24339",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in picoTCP and picoTCP-NG that processes DNS responses does not check whether the number of responses specified in the DNS packet header correspond to the response data available in the DNS packet, allowing an attacker to perform memory corruption.CVE-2020-24339 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24339"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24340",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in picoTCP and picoTCP-NG that processes DNS responses does not check whether the number of responses specified in the DNS packet header correspond to the response data available in the DNS packet, allowing an attacker to perform memory corruption.CVE-2020-24340 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24340"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24341",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The TCP input data processing function in picoTCP-NG and picoTCP does not validate the length of incoming TCP packets, allowing an attacker to read out of bounds and perform memory corruption.CVE-2020-24341 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24341"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-24383",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "When parsing incoming DNS packets in FNET,there are no checks whether domain names are null-terminated. This may allow an attacker to achieve memory corruption and/or memory leak.CVE-2020-24383 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24383"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-25107",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.CVE-2020-25107 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25107"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-25108",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.CVE-2020-25108 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25108"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-25109",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.CVE-2020-25109 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25109"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-25110",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.CVE-2020-25110 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25110"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-25111",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.CVE-2020-25111 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25111"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2020-25112",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Vulnerabilities in uIP-Contiki-OS (EOL) provide insufficient checks for the IPv4/IPv6 header length and inconsistent checks for the IPv6 header extension lengths, which may allow an attacker to corrupt memory.CVE-2020-25112 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25112"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://yanzi.dev/#/security/advisories/2020-12-08"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
}
]
}
var-202012-0125
Vulnerability from variot
An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c. Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices, have several vulnerabilities stemming from improper memory management. These vulnerabilities are also tracked as ICS-VU-633937 and JVNVU#96491057 as well as the name AMNESIA:33.CVE-2020-13984 Not Affected CVE-2020-13985 Affected CVE-2020-13986 Affected CVE-2020-13987 Affected CVE-2020-13988 Affected CVE-2020-17437 Affected CVE-2020-17438 Affected CVE-2020-17439 Affected CVE-2020-17440 Affected CVE-2020-17441 Not Affected CVE-2020-17442 Not Affected CVE-2020-17443 Not Affected CVE-2020-17444 Not Affected CVE-2020-17445 Not Affected CVE-2020-17467 Not Affected CVE-2020-17468 Not Affected CVE-2020-17469 Not Affected CVE-2020-17470 Not Affected CVE-2020-24334 Affected CVE-2020-24335 Not Affected CVE-2020-24336 Affected CVE-2020-24337 Not Affected CVE-2020-24338 Not Affected CVE-2020-24339 Not Affected CVE-2020-24340 Not Affected CVE-2020-24341 Not Affected CVE-2020-24383 Not Affected CVE-2020-25107 Not Affected CVE-2020-25108 Not Affected CVE-2020-25109 Not Affected CVE-2020-25110 Not Affected CVE-2020-25111 Not Affected CVE-2020-25112 Not Affected CVE-2021-28362 Not AffectedCVE-2020-13984 Not Affected CVE-2020-13985 Affected CVE-2020-13986 Affected CVE-2020-13987 Affected CVE-2020-13988 Affected CVE-2020-17437 Affected CVE-2020-17438 Affected CVE-2020-17439 Affected CVE-2020-17440 Affected CVE-2020-17441 Not Affected CVE-2020-17442 Not Affected CVE-2020-17443 Not Affected CVE-2020-17444 Not Affected CVE-2020-17445 Not Affected CVE-2020-17467 Not Affected CVE-2020-17468 Not Affected CVE-2020-17469 Not Affected CVE-2020-17470 Not Affected CVE-2020-24334 Affected CVE-2020-24335 Not Affected CVE-2020-24336 Affected CVE-2020-24337 Not Affected CVE-2020-24338 Not Affected CVE-2020-24339 Not Affected CVE-2020-24340 Not Affected CVE-2020-24341 Not Affected CVE-2020-24383 Not Affected CVE-2020-25107 Not Affected CVE-2020-25108 Not Affected CVE-2020-25109 Not Affected CVE-2020-25110 Not Affected CVE-2020-25111 Not Affected CVE-2020-25112 Not Affected CVE-2021-28362 Not Affected. Contiki is an open source cross-platform operating system for IoT (Internet of Things) devices. Contiki-OS has a buffer error vulnerability that stems from not checking the length field of the packet header based on the available data in the packet. Given any length, an out-of-bounds memory read can be performed during the checksum calculation. ========================================================================= Ubuntu Security Notice USN-6259-1 July 27, 2023
open-iscsi vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Open-iSCSI.
Software Description: - open-iscsi: Open Source iSCSI implementation
Details:
Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-13987)
Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI incorrectly handled certain parsing TCP MSS options. An attacker could possibly use this issue to cause a crash or cause unexpected behavior. (CVE-2020-13988)
Amine Amri and Stanislav Dashevskyi discovered that Open-iSCSI incorrectly handled certain TCP data. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-17437)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: open-iscsi 2.0.874-7.1ubuntu6.4
Ubuntu 18.04 LTS (Available with Ubuntu Pro): open-iscsi 2.0.874-5ubuntu2.11+esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro): open-iscsi 2.0.873+git0.3b4b4500-14ubuntu3.7+esm1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6259-1 CVE-2020-13987, CVE-2020-13988, CVE-2020-17437
Package Information: https://launchpad.net/ubuntu/+source/open-iscsi/2.0.874-7.1ubuntu6.4
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0125",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "uip",
"scope": "lte",
"trust": 1.0,
"vendor": "uip",
"version": "1.0"
},
{
"model": "sentron pac3200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.4.7"
},
{
"model": "open-iscsi",
"scope": "lte",
"trust": 1.0,
"vendor": "open iscsi",
"version": "2.1.12"
},
{
"model": "sentron 3va com100",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4.1"
},
{
"model": "sentron pac4200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"model": "sentron 3va com800",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4.1"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13987"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Vijay Sarvepalli.Statement Date:\u00a0\u00a0 December 08, 2020",
"sources": [
{
"db": "CERT/CC",
"id": "VU#815128"
}
],
"trust": 0.8
},
"cve": "CVE-2020-13987",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-13987",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-13987",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-13987",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-665",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-13987",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-13987"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-665"
},
{
"db": "NVD",
"id": "CVE-2020-13987"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c. Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices, have several vulnerabilities stemming from improper memory management. These vulnerabilities are also tracked as ICS-VU-633937 and JVNVU#96491057 as well as the name AMNESIA:33.CVE-2020-13984 Not Affected\nCVE-2020-13985 Affected\nCVE-2020-13986 Affected\nCVE-2020-13987 Affected\nCVE-2020-13988 Affected\nCVE-2020-17437 Affected\nCVE-2020-17438 Affected\nCVE-2020-17439 Affected\nCVE-2020-17440 Affected\nCVE-2020-17441 Not Affected\nCVE-2020-17442 Not Affected\nCVE-2020-17443 Not Affected\nCVE-2020-17444 Not Affected\nCVE-2020-17445 Not Affected\nCVE-2020-17467 Not Affected\nCVE-2020-17468 Not Affected\nCVE-2020-17469 Not Affected\nCVE-2020-17470 Not Affected\nCVE-2020-24334 Affected\nCVE-2020-24335 Not Affected\nCVE-2020-24336 Affected\nCVE-2020-24337 Not Affected\nCVE-2020-24338 Not Affected\nCVE-2020-24339 Not Affected\nCVE-2020-24340 Not Affected\nCVE-2020-24341 Not Affected\nCVE-2020-24383 Not Affected\nCVE-2020-25107 Not Affected\nCVE-2020-25108 Not Affected\nCVE-2020-25109 Not Affected\nCVE-2020-25110 Not Affected\nCVE-2020-25111 Not Affected\nCVE-2020-25112 Not Affected\nCVE-2021-28362 Not AffectedCVE-2020-13984 Not Affected\nCVE-2020-13985 Affected\nCVE-2020-13986 Affected\nCVE-2020-13987 Affected\nCVE-2020-13988 Affected\nCVE-2020-17437 Affected\nCVE-2020-17438 Affected\nCVE-2020-17439 Affected\nCVE-2020-17440 Affected\nCVE-2020-17441 Not Affected\nCVE-2020-17442 Not Affected\nCVE-2020-17443 Not Affected\nCVE-2020-17444 Not Affected\nCVE-2020-17445 Not Affected\nCVE-2020-17467 Not Affected\nCVE-2020-17468 Not Affected\nCVE-2020-17469 Not Affected\nCVE-2020-17470 Not Affected\nCVE-2020-24334 Affected\nCVE-2020-24335 Not Affected\nCVE-2020-24336 Affected\nCVE-2020-24337 Not Affected\nCVE-2020-24338 Not Affected\nCVE-2020-24339 Not Affected\nCVE-2020-24340 Not Affected\nCVE-2020-24341 Not Affected\nCVE-2020-24383 Not Affected\nCVE-2020-25107 Not Affected\nCVE-2020-25108 Not Affected\nCVE-2020-25109 Not Affected\nCVE-2020-25110 Not Affected\nCVE-2020-25111 Not Affected\nCVE-2020-25112 Not Affected\nCVE-2021-28362 Not Affected. Contiki is an open source cross-platform operating system for IoT (Internet of Things) devices. \nContiki-OS has a buffer error vulnerability that stems from not checking the length field of the packet header based on the available data in the packet. Given any length, an out-of-bounds memory read can be performed during the checksum calculation. =========================================================================\nUbuntu Security Notice USN-6259-1\nJuly 27, 2023\n\nopen-iscsi vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in Open-iSCSI. \n\nSoftware Description:\n- open-iscsi: Open Source iSCSI implementation\n\nDetails:\n\nJos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that\nOpen-iSCSI incorrectly handled certain checksums for IP packets. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2020-13987)\n\nJos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that\nOpen-iSCSI incorrectly handled certain parsing TCP MSS options. \nAn attacker could possibly use this issue to cause a crash or cause\nunexpected behavior. (CVE-2020-13988)\n\nAmine Amri and Stanislav Dashevskyi discovered that Open-iSCSI\nincorrectly handled certain TCP data. An attacker could possibly\nuse this issue to expose sensitive information. (CVE-2020-17437)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n open-iscsi 2.0.874-7.1ubuntu6.4\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n open-iscsi 2.0.874-5ubuntu2.11+esm1\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n open-iscsi 2.0.873+git0.3b4b4500-14ubuntu3.7+esm1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-6259-1\n CVE-2020-13987, CVE-2020-13988, CVE-2020-17437\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/open-iscsi/2.0.874-7.1ubuntu6.4\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13987"
},
{
"db": "CERT/CC",
"id": "VU#815128"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-665"
},
{
"db": "VULMON",
"id": "CVE-2020-13987"
},
{
"db": "PACKETSTORM",
"id": "173799"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-13987",
"trust": 2.6
},
{
"db": "CERT/CC",
"id": "VU#815128",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-343-01",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-541018",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-068-06",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.4363",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1235",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0767",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122914",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202012-665",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-13987",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "173799",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#815128"
},
{
"db": "VULMON",
"id": "CVE-2020-13987"
},
{
"db": "PACKETSTORM",
"id": "173799"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-665"
},
{
"db": "NVD",
"id": "CVE-2020-13987"
}
]
},
"id": "VAR-202012-0125",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-23T20:20:09.300000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=6f577a90958bcf377827f0a4058f673f"
},
{
"title": "Brocade Security Advisories: Access Denied\nAccess Denied",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=54887b0d314c8021dc2d190abfce740d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-13987"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13987"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"trust": 2.3,
"url": "https://www.kb.cert.org/vuls/id/815128"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
},
{
"trust": 0.8,
"url": "cve-2020-13984 "
},
{
"trust": 0.8,
"url": "cve-2020-13985 "
},
{
"trust": 0.8,
"url": "cve-2020-13986 "
},
{
"trust": 0.8,
"url": "cve-2020-13987 "
},
{
"trust": 0.8,
"url": "cve-2020-13988 "
},
{
"trust": 0.8,
"url": "cve-2020-17437 "
},
{
"trust": 0.8,
"url": "cve-2020-17438 "
},
{
"trust": 0.8,
"url": "cve-2020-17439 "
},
{
"trust": 0.8,
"url": "cve-2020-17440 "
},
{
"trust": 0.8,
"url": "cve-2020-17441 "
},
{
"trust": 0.8,
"url": "cve-2020-17442 "
},
{
"trust": 0.8,
"url": "cve-2020-17443 "
},
{
"trust": 0.8,
"url": "cve-2020-17444 "
},
{
"trust": 0.8,
"url": "cve-2020-17445 "
},
{
"trust": 0.8,
"url": "cve-2020-17467 "
},
{
"trust": 0.8,
"url": "cve-2020-17468 "
},
{
"trust": 0.8,
"url": "cve-2020-17469 "
},
{
"trust": 0.8,
"url": "cve-2020-17470 "
},
{
"trust": 0.8,
"url": "cve-2020-24334 "
},
{
"trust": 0.8,
"url": "cve-2020-24335 "
},
{
"trust": 0.8,
"url": "cve-2020-24336 "
},
{
"trust": 0.8,
"url": "cve-2020-24337 "
},
{
"trust": 0.8,
"url": "cve-2020-24338 "
},
{
"trust": 0.8,
"url": "cve-2020-24339 "
},
{
"trust": 0.8,
"url": "cve-2020-24340 "
},
{
"trust": 0.8,
"url": "cve-2020-24341 "
},
{
"trust": 0.8,
"url": "cve-2020-24383 "
},
{
"trust": 0.8,
"url": "cve-2020-25107 "
},
{
"trust": 0.8,
"url": "cve-2020-25108 "
},
{
"trust": 0.8,
"url": "cve-2020-25109 "
},
{
"trust": 0.8,
"url": "cve-2020-25110 "
},
{
"trust": 0.8,
"url": "cve-2020-25111 "
},
{
"trust": 0.8,
"url": "cve-2020-25112 "
},
{
"trust": 0.8,
"url": "cve-2021-28362 "
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13987"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1235"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122914"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/uip-out-of-bounds-memory-reading-via-upper-layer-chksum-34719"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0767"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4363/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-06"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-068-06"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13988"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17437"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6259-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/open-iscsi/2.0.874-7.1ubuntu6.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#815128"
},
{
"db": "VULMON",
"id": "CVE-2020-13987"
},
{
"db": "PACKETSTORM",
"id": "173799"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-665"
},
{
"db": "NVD",
"id": "CVE-2020-13987"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#815128"
},
{
"db": "VULMON",
"id": "CVE-2020-13987"
},
{
"db": "PACKETSTORM",
"id": "173799"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-665"
},
{
"db": "NVD",
"id": "CVE-2020-13987"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-08T00:00:00",
"db": "CERT/CC",
"id": "VU#815128"
},
{
"date": "2020-12-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-13987"
},
{
"date": "2023-07-27T14:33:18",
"db": "PACKETSTORM",
"id": "173799"
},
{
"date": "2020-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-665"
},
{
"date": "2020-12-11T22:15:12.543000",
"db": "NVD",
"id": "CVE-2020-13987"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "CERT/CC",
"id": "VU#815128"
},
{
"date": "2022-08-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-13987"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-665"
},
{
"date": "2024-11-21T05:02:17.680000",
"db": "NVD",
"id": "CVE-2020-13987"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-665"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Embedded TCP/IP stacks have memory corruption vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#815128"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-665"
}
],
"trust": 0.6
}
}
rhba-2021:4446
Vulnerability from csaf_redhat
Published
2021-11-09 17:34
Modified
2025-09-25 11:27
Summary
Red Hat Bug Fix Advisory: iscsi-initiator-utils bug fix and enhancement update
Notes
Topic
An update for iscsi-initiator-utils is now available for Red Hat Enterprise
Linux 8.
Details
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for iscsi-initiator-utils is now available for Red Hat Enterprise\nLinux 8.",
"title": "Topic"
},
{
"category": "general",
"text": "For detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2021:4446",
"url": "https://access.redhat.com/errata/RHBA-2021:4446"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/index"
},
{
"category": "external",
"summary": "1755907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755907"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhba-2021_4446.json"
}
],
"title": "Red Hat Bug Fix Advisory: iscsi-initiator-utils bug fix and enhancement update",
"tracking": {
"current_release_date": "2025-09-25T11:27:08+00:00",
"generator": {
"date": "2025-09-25T11:27:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHBA-2021:4446",
"initial_release_date": "2021-11-09T17:34:53+00:00",
"revision_history": [
{
"date": "2021-11-09T17:34:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-09T17:34:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-25T11:27:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src",
"product": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src",
"product_id": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils@6.2.1.4-4.git095f59c.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_id": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils@6.2.1.4-4.git095f59c.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product": {
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_id": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-iscsiuio@6.2.1.4-4.git095f59c.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product": {
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_id": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-iscsi-initiator-utils@6.2.1.4-4.git095f59c.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_id": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-debugsource@6.2.1.4-4.git095f59c.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_id": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-debuginfo@6.2.1.4-4.git095f59c.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_id": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-iscsiuio-debuginfo@6.2.1.4-4.git095f59c.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_id": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-iscsi-initiator-utils-debuginfo@6.2.1.4-4.git095f59c.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_id": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-devel@6.2.1.4-4.git095f59c.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_id": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils@6.2.1.4-4.git095f59c.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product": {
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_id": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-iscsiuio@6.2.1.4-4.git095f59c.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product": {
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_id": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-iscsi-initiator-utils@6.2.1.4-4.git095f59c.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_id": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-debugsource@6.2.1.4-4.git095f59c.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_id": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-debuginfo@6.2.1.4-4.git095f59c.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_id": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-iscsiuio-debuginfo@6.2.1.4-4.git095f59c.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_id": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-iscsi-initiator-utils-debuginfo@6.2.1.4-4.git095f59c.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_id": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-devel@6.2.1.4-4.git095f59c.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686",
"product": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686",
"product_id": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils@6.2.1.4-4.git095f59c.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686",
"product": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686",
"product_id": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-debugsource@6.2.1.4-4.git095f59c.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"product": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"product_id": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-debuginfo@6.2.1.4-4.git095f59c.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"product": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"product_id": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-iscsiuio-debuginfo@6.2.1.4-4.git095f59c.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"product": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"product_id": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-iscsi-initiator-utils-debuginfo@6.2.1.4-4.git095f59c.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686",
"product": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686",
"product_id": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-devel@6.2.1.4-4.git095f59c.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_id": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils@6.2.1.4-4.git095f59c.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product": {
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_id": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-iscsiuio@6.2.1.4-4.git095f59c.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product": {
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_id": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-iscsi-initiator-utils@6.2.1.4-4.git095f59c.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_id": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-debugsource@6.2.1.4-4.git095f59c.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_id": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-debuginfo@6.2.1.4-4.git095f59c.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_id": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-iscsiuio-debuginfo@6.2.1.4-4.git095f59c.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_id": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-iscsi-initiator-utils-debuginfo@6.2.1.4-4.git095f59c.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_id": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-devel@6.2.1.4-4.git095f59c.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"product": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_id": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils@6.2.1.4-4.git095f59c.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x",
"product": {
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_id": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-iscsiuio@6.2.1.4-4.git095f59c.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"product": {
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_id": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-iscsi-initiator-utils@6.2.1.4-4.git095f59c.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x",
"product": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_id": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-debugsource@6.2.1.4-4.git095f59c.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"product": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_id": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-debuginfo@6.2.1.4-4.git095f59c.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"product": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_id": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-iscsiuio-debuginfo@6.2.1.4-4.git095f59c.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"product": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_id": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-iscsi-initiator-utils-debuginfo@6.2.1.4-4.git095f59c.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x",
"product": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_id": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iscsi-initiator-utils-devel@6.2.1.4-4.git095f59c.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686"
},
"product_reference": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src"
},
"product_reference": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686"
},
"product_reference": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686"
},
"product_reference": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686"
},
"product_reference": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686"
},
"product_reference": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686"
},
"product_reference": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src"
},
"product_reference": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686"
},
"product_reference": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686"
},
"product_reference": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686"
},
"product_reference": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64"
},
"product_reference": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686"
},
"product_reference": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le"
},
"product_reference": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x"
},
"product_reference": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"relates_to_product_reference": "CRB-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64"
},
"product_reference": "python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"relates_to_product_reference": "CRB-8.5.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13987",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2020-11-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1899467"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Open-iSCSI: OOB read in checksum calculation in uIP",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although a vulnerable version of uIP is included in iscsi-initiator-utils, it is believed that the vulnerability can not be actively exploited in that particular context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13987"
},
{
"category": "external",
"summary": "RHBZ#1899467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13987",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13987"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13987",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13987"
},
{
"category": "external",
"summary": "https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/",
"url": "https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/"
}
],
"release_date": "2020-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T17:34:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:4446"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"BaseOS-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.src",
"CRB-8.5.0.GA:iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-debugsource-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-devel-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:iscsi-initiator-utils-iscsiuio-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-0:6.2.1.4-4.git095f59c.el8.x86_64",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.aarch64",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.i686",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.ppc64le",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.s390x",
"CRB-8.5.0.GA:python3-iscsi-initiator-utils-debuginfo-0:6.2.1.4-4.git095f59c.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Open-iSCSI: OOB read in checksum calculation in uIP"
}
]
}
ghsa-g438-vfc9-cq65
Vulnerability from github
Published
2022-05-24 17:36
Modified
2022-08-07 00:00
Severity ?
VLAI Severity ?
Details
An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.
{
"affected": [],
"aliases": [
"CVE-2020-13987"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-11T22:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.",
"id": "GHSA-g438-vfc9-cq65",
"modified": "2022-08-07T00:00:29Z",
"published": "2022-05-24T17:36:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13987"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/815128"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…