Incorrect Calculation

CVE-2023-35848

High

7.5/10

Summary

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-682 - Incorrect Calculation

The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

References

Advisory Timeline

Published Jun 19, 2023

Incorrect Calculation

CVE-2023-35848

Summary

CWE-682 - Incorrect Calculation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS