Vulnerability Details CVE-2021-26788
Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected by incorrect input validation, which may cause a denial of service (DoS). To exploit the vulnerability, an attacker needs to have TCP connectivity to the target system. Receiving a maliciously crafted TCP packet from an unauthenticated endpoint is sufficient to trigger the bug.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/Oryx-Embedded/CycloneTCP/commit/de5336016edbe1e90327d0ed1cba5c4e49114366?branch=de5336016edbe1e90327d0ed1cba5c4e49114366&diff=split
- https://github.com/Oryx-Embedded/CycloneTCP/commit/de5336016edbe1e90327d0ed1cba5c4e49114366?branch=de5336016edbe1e90327d0ed1cba5c4e49114366&diff=split
Products affected by CVE-2021-26788
-
cpe:2.3:a:oryx-embedded:cyclonetcp:1.7.6
-
cpe:2.3:a:oryx-embedded:cyclonetcp:1.7.8
-
cpe:2.3:a:oryx-embedded:cyclonetcp:1.8.0
-
cpe:2.3:a:oryx-embedded:cyclonetcp:1.8.2
-
cpe:2.3:a:oryx-embedded:cyclonetcp:1.8.6
-
cpe:2.3:a:oryx-embedded:cyclonetcp:1.9.0
-
cpe:2.3:a:oryx-embedded:cyclonetcp:1.9.2
-
cpe:2.3:a:oryx-embedded:cyclonetcp:1.9.4
-
cpe:2.3:a:oryx-embedded:cyclonetcp:1.9.6
-
cpe:2.3:a:oryx-embedded:cyclonetcp:1.9.8
-
cpe:2.3:a:oryx-embedded:cyclonetcp:2.0.0