Vulnerabilities > CVE-2020-25066 - Out-of-bounds Write vulnerability in Treck Tcp/Ip

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

treck

CWE-787

critical

NVD

Published: 2020-12-22

Updated: 2021-03-26

Summary

A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Treck Treck Tcp/Ip 4.7.1.27 Treck Tcp/Ip 5.0.1.35 Treck Tcp/Ip 6.0.1.28 Treck Tcp/Ip 6.0.1.41 Treck Tcp/Ip 6.0.1.66 Treck Tcp/Ip 6.0.1.67	6

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://treck.com/vulnerability-response-information/
https://security.netapp.com/advisory/ntap-20210201-0003/