[Git][security-tracker-team/security-tracker][master] CVE-2020-22284/lwip buster not affected

Tobias Frost (@tobi) tobi at debian.org
Sat Nov 18 17:11:14 GMT 2023



Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
db650aba by Tobias Frost at 2023-11-18T18:06:18+01:00
CVE-2020-22284/lwip buster not affected

The vulnerable code is in the 6LoWPAN encapsulation for ZEP (ZigBee Encapsulation Protocol),
which has been introduced with commit 43a55003da622851b1c1677c8e7cb75e9430300f,
first seen in tag STABLE-2_1_0_RC1. Buster does not have that feature.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -233657,10 +233657,11 @@ CVE-2020-22285
 CVE-2020-22284 (A buffer overflow vulnerability in the zepif_linkoutput() function of  ...)
 	- lwip 2.1.3+dfsg1-1 (bug #991646)
 	[bullseye] - lwip 2.1.2+dfsg1-8+deb11u1
-	[buster] - lwip <no-dsa> (Minor issue)
+	[buster] - lwip <not-affected> (vulnerable code is not present)
 	NOTE: https://savannah.nongnu.org/bugs/index.php?58554
 	NOTE: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=8363c24e45a32728e385cfc2c3c36d88a8a9e70b (master)
 	NOTE: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=379d55044e9181533f1fd4d0e0cf89bc01cb9b8b (STABLE-2_1_3_RC1)
+	NOTE: Vulnerable feature introduced with https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=43a55003da622851b1c1677c8e7cb75e9430300f (first contained in STABLE-2_1_0_RC1)
 CVE-2020-22283 (A buffer overflow vulnerability in the icmp6_send_response_with_addrs_ ...)
 	- lwip 2.1.3+dfsg1-1 (bug #991645)
 	[bullseye] - lwip 2.1.2+dfsg1-8+deb11u1
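Review bot: the reason on the new `[buster]` line, `(vulnerable code is not present)`, starts in lowercase where the reason it replaces, `(Minor issue)`, was capitalised, and it does not say why the code is absent. Something like `(Vulnerable code not present, introduced in STABLE-2_1_0_RC1)` would keep the entry consistent and let a reader see the justification without following the added NOTE. The entry also gives no lwip version for buster, so the claim that buster predates STABLE-2_1_0_RC1 cannot be checked from these lines alone; naming the buster version in the commit message or the NOTE would close that gap.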



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db650aba4558a355d1cf9ab82dd2212622b63d78
