Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-30463: Releases · tass-belgium/picotcp

Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support in which a packet size greater than 65495 may occur.

CVE
Open in Source
#windows#linux#dos#git

picoTCP v1.7.0

It’s been way too long in the making, but it’s finally here : picoTCP v 1.7.0.
This is the first time the code is being released under both GPLv2 and GPLv3.
We’ve also improved the example code in the README.md, and clarified our use of a Contributors License Agreement.

Too many code changes to enumerate them all, but the most important changes are :

  • 6LoWPAN support
  • fixed many issues reported by coverity scan
  • removed potential memory leaks (especially in case of failing mallocs, i.e. out-of-memory situations)
  • many code quality improvements, internal refactorings
  • limited hotplug detection support (currently only on SLAACv4)
  • improved Bonjour conformance (not there yet, but getting closer)
  • improvement in DNS response parsing
  • various other bugfixes

for more, please run git log :-)

prpl demo code

A pre-compiled version of picoTCP intended for the prpl demo.

Note that this is not a production-quality release.

The binary was built using the command
make clean; make CROSS_COMPILE=mips-mti-elf- PLATFORM_CFLAGS="-EL -O2 -c -Wa,-mvirt -mips32r2 -mtune=m14k -mno-check-zero-division -msoft-float -fshort-double -ffreestanding -nostdlib -fomit-frame-pointer -G 0" DHCP_SERVER=0 SLAACV4=0 TFTP=0 AODV=0 IPV6=0 NAT=0 PING=1 ICMP4=1 DNS_CLIENT=0 MDNS=0 DNS_SD=0 SNTP_CLIENT=0 ARCH=pic32

PicoTCP v1.6.2

picoTCP v1.6.2 - hotfixes release.

Changelog:

  • fixed bug when using picotcp-memory manager where the wrong pico_free was called

PicoTCP v1.6.1

picoTCP v1.6.1 - hotfixes release.

Changelog:

  • fixed compiler warning for unused parameter
  • fixed unit tests (IGMP, MLD, PPP-CHAP)

PicoTCP v1.6

PicoTCP v1.6.0 - Release Notes

  • Fixed major bug in timers, when timers are canceled and allocator reuses the address
  • Several bugfixes in PPP module
  • PPP: Added support for PAP
  • Improved C89 compatibility: support for Watcom DOS compiler
  • Several bugfixes in TCP
  • Support for TCP LINGER
  • Support for TCP KeepAlive mechanism
  • TCP: ensure the socket is destroyed upon connection abort from peer (RST)
  • Support for Multicast IPv6 + MLD
  • Improved IGMP support
  • DHCP client: support for hostname and domain name
  • DHCP client: avoid adding 0.0.0.0 nameservers
  • IPv4: ensure that broadcast frames are not forwarded
  • IPv6: Fixed forwarding
  • Overall TioBE TICS score improved

picoTCP v1.5.1

picoTCP v1.5.1 - hotfixes release.

Changelog:

  • fixed possible memory leak when a DNS AAAA request fails
  • proper automatic bind of UDP sockets upon sendto calls
  • fixed memory leaks in mDNS/SD
  • fixed mDNS records with length=0
  • fixed TCP timeout and retransmissions timing upon connect()

PicoTCP v1.5.0

  • multicast DNS Support
  • Service Discovery
  • Refactoring of IP Fragmentation
  • Improved IPv6 Neighbor discovery (full TAHI coverage of nd.p2 part 1)
  • Improved handling of DNS servers information from DHCP client
  • Improved overall Quality
  • Fixed a few major bugs

picoTCP v1.4.2

  • Fixed memory/timer leaks in sNTP
  • Added support for PPP over Serial line
  • Improved compliance of DNS client
  • Accept RST/ACK as fast connection closing
  • Several minor bugfixes and improvements
  • Removed some dead code

picoTCP v1.4.0

  • Unified support for Cortex M3/M4
  • Explicit support for custom porting
  • New dynamic routing protocol: AODV
  • TFTP: several bug fixed.
  • Fixed IPv6 fragmentation
  • Full compliance to ICMPv6 RFC4443
  • Full compliance to IPv6 Specs RFC2460
  • UDP: fix CRC calculation
  • Full complience to SLAACv6 RFC4862
  • Reworked IPv6 Neighbor discovery mechanism (RFC4861)
  • Several minor memory access fixes
  • Fixed Copyright notes
  • Fixed coding style

PicoTCP v1.3.0

Changelog since version 1.2.4:

  • Several Bugfixes
  • Refactoring of IPv6 Neighbor discovery
  • MDNS support (work in progress…)
  • Zero-copy buffer receiving function
  • TFTP support
  • Interruptable ping and dhcp client operations
  • Improved arp/icmp6 support for packet delivery
  • Improved OLSR support for mesh networking
  • Windows TAP driver
  • Refactored CRC, using “young” algorithm
  • MTU now configurable from pico_device
  • pico_device interface supports link status
  • Full IPv6 Routing support (with router advertisements for /64s)
  • Support for a few new platforms
  • Support for compilation within Linux kernel

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE