Security Information: Treck TCP/IP stack vulnerabilities
Canon Medical Systems Security Advisory
Overview
It was announced that there are multiple security vulnerabilities in Treck TCP/IP stack. Treck TCP/IP stack is a low-level TCP/IP software library. There is a possibility that an attacker who successfully exploited these vulnerabilities could perform remote code execution or exposure of sensitive information.
Vulnerability Overview
| CVE ID | CVSSv3 | Description | Impact | Exploitability Assessment |
| CVE-2020-11896 | 10 | The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. | Remote Code Execution | N/A |
| CVE-2020-11897 | 10 | The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. | Out-of-Bounds Write | N/A |
| CVE-2020-11898 | 9.1 | The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak. | Exposure of Sensitive Information | N/A |
| CVE-2020-11899 | 5.4 | The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | Out-of-bounds Read, Denial of Servi/ce | N/A |
| CVE-2020-11900 | 8.2 | The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free. | Use After Free | NA |
| CVE-2020-11901 | 9 | The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response. | Remote Code Execution | N/A |
| CVE-2020-11902 | 7.3 | The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read. | Out-of-bounds Read | N/A |
| CVE-2020-11903 | 5.3 | The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. | Exposure of Sensitive Information | N/A |
| CVE-2020-11904 | 5.6 | The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write. | Out-of-Bounds Write | N/A |
| CVE-2020-11905 | 5.3 | The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read. | Exposure of Sensitive Information | N/A |
| CVE-2020-11906 | 5 | The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow. | Integer Underflow | N/A |
| CVE-2020-11907 | 5 | The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP. | Integer Underflow | N/A |
| CVE-2020-11908 | 3.1 | The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP. | Exposure of Sensitive Information | N/A |
| CVE-2020-11909 | 3.7 | The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. | Integer Underflow | N/A |
| CVE-2020-11910 | 3.7 | The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read. | Out-of-bounds Read | N/A |
| CVE-2020-11911 | 3.7 | The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control. | Incorrect Permission Assignment for Critical Resource | N/A |
| CVE-2020-11912 | 3.7 | The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. | Out-of-bounds Read | N/A |
| CVE-2020-11913 | 3.7 | The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | Out-of-bounds Read | N/A |
| CVE-2020-11914 | 3.1 | The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. | Out-of-bounds Read | N/A |
Affected products
Canon Medical Systems Corporation is not using Treck TCP/IP stack directly in its products. Canon Medical Systems Corporation is currently investigating whether there is any impact to third party components used in its products. If any impact is found, it will be informed to customer immediately.
Social Media
