philip-n opened a new issue #2496: URL: https://github.com/apache/incubator-nuttx/issues/2496
On December 8th 2020, there's been widespread reporting about a family of vulnerabilities in the network stacks of various embedded OS, called "AMNESIA:33". The [original report](https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/) lists a number of vulnerabilities in uIP (page 10) and states that > The NuttX RTOS started by importing uIP, but then evolved its code independently. We could verify that at least one vulnerability still applies to NuttX. They mention https://github.com/apache/incubator-nuttx/blob/master/include/nuttx/net/ip.h as the according file. --- Is the vulnerability known and is there already some work going on to fix this (e.g. based on an advance-warning by the report authors)? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
