CVE-2023-35848

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jun 19, 2023

Updated: Jun 26, 2023

CWE ID 682

Summary

CVE-2023-35848 is a vulnerability affecting VirtualSquare's picoTCP, also known as PicoTCP-NG, prior to version 2.1. This issue arises due to insufficient size calculations before setting a value in an mss structure member, potentially leading to buffer overflows and resulting in arbitrary code execution or denial of service attacks. Attackers can exploit this vulnerability by sending specially crafted packets to a targeted system, putting it at risk of remote code execution or service disruption. System administrators are advised to upgrade to the latest version of picoTCP to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rsbIvX
https://www.cve.org/CVERecord?id=CVE-2023-35848
https://nvd.nist.gov/vuln/detail/CVE-2023-35848

Back to Vulnerability Database

CVE-2023-35848

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations