gustavonihei opened a new issue #2839:
URL: https://github.com/apache/incubator-nuttx/issues/2839


   On February 10, 2021 Forescout Research Labs published another vulnerability report that affects multiple TCP/IP stacks.
   The **uIP** TCP/IP stack is among them, with the following description:
   ```
   ISN generator is initialized with a constant value and has constant increments.
   ```
   In fact, the description seems to fit the NuttX TCP/IP stack. In https://github.com/apache/incubator-nuttx/blob/master/net/tcp/tcp_seqno.c, `g_tcpsequence` is initialized with 0, and each call to `tcp_nextsequence()` just increments the variable.

   Link to the report:
   https://www.forescout.com/company/blog/numberjack-forescout-research-labs-finds-nine-isn-generation-vulnerabilities-affecting-tcpip-stacks
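
An added example, not part of the issue or of the NuttX source: the counter pattern the report describes, next to an RFC 6528-style generator (ISN = M + F(4-tuple, secret), with M a 4-microsecond timer). Using SipHash-2-4 as F, the function names, the sample addresses and the sample key are all assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Pattern from the report: constant start value (0), constant increment.
 * Hypothetical name, modelled on the description, not the NuttX code. */
static uint32_t g_weak_seq = 0;
uint32_t weak_next_isn(void) { return g_weak_seq++; }

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND(v) do { \
    v[0] += v[1]; v[1] = ROTL(v[1], 13); v[1] ^= v[0]; v[0] = ROTL(v[0], 32); \
    v[2] += v[3]; v[3] = ROTL(v[3], 16); v[3] ^= v[2]; \
    v[0] += v[3]; v[3] = ROTL(v[3], 21); v[3] ^= v[0]; \
    v[2] += v[1]; v[1] = ROTL(v[1], 17); v[1] ^= v[2]; v[2] = ROTL(v[2], 32); \
  } while (0)

/* SipHash-2-4 over a 16-byte message supplied as two 64-bit words. */
static uint64_t siphash16(const uint64_t key[2], uint64_t m0, uint64_t m1)
{
  uint64_t v[4] = { key[0] ^ 0x736f6d6570736575ULL, key[1] ^ 0x646f72616e646f6dULL,
                    key[0] ^ 0x6c7967656e657261ULL, key[1] ^ 0x7465646279746573ULL };
  uint64_t m[3] = { m0, m1, (uint64_t)16 << 56 }; /* last word carries the length */
  for (int i = 0; i < 3; i++)
    {
      v[3] ^= m[i]; SIPROUND(v); SIPROUND(v); v[0] ^= m[i];
    }
  v[2] ^= 0xff;
  SIPROUND(v); SIPROUND(v); SIPROUND(v); SIPROUND(v);
  return v[0] ^ v[1] ^ v[2] ^ v[3];
}

/* RFC 6528: ISN = M + F(localip, localport, remoteip, remoteport, secretkey). */
uint32_t rfc6528_isn(const uint64_t key[2], uint32_t laddr, uint16_t lport,
                     uint32_t raddr, uint16_t rport, uint64_t now_us)
{
  uint64_t m0 = (uint64_t)laddr | ((uint64_t)raddr << 32);
  uint64_t m1 = (uint64_t)lport | ((uint64_t)rport << 16);
  return (uint32_t)(now_us / 4) + (uint32_t)siphash16(key, m0, m1);
}

int main(void)
{
  /* Constructed key for the demo; a real stack draws it from a CSPRNG at boot. */
  const uint64_t key[2] = { 0x0706050403020100ULL, 0x0f0e0d0c0b0a0908ULL };
  printf("weak:   %u %u\n", (unsigned)weak_next_isn(), (unsigned)weak_next_isn());
  printf("keyed:  %u\n", (unsigned)rfc6528_isn(key, 0xC0000201, 80, 0xC6336407, 40000, 0));
  return 0;
}
```

With the keyed form, an observer of one connection's ISN learns nothing about the offset used for a different 4-tuple, while sequence numbers for the same tuple still advance with the clock.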

