A out of bound read was found in uIP (Micro IP) TCP/UDP checksum calculation in IPv4 The function that parses incoming transport layer packets (TCP/UDP) does not check the length fields of packet headers against the data available in the packets. Given arbitrary lengths, an out-of-bounds memory read may be performed during the checksum computation. listed potential impact: DoS & information leak
External References: https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/
In Red Hat Enterprise Linux, uIP is used in the iscsiuio command, provided by iscsi-initiator-utils. In RHEL, the command is used for connecting to an iSCSI NAS. It is expected that the attacker is a Person in the Middle, between the NAS and the RHEL machine. As a consequence, this issue is currently rated Low.
Created iscsi-initiator-utils tracking bugs for this issue: Affects: fedora-all [bug 1909046]
Statement: Although a vulnerable version of uIP is included in iscsi-initiator-utils, it is believed that the vulnerability can not be actively exploited in that particular context.