A missing boundary check was found in uIP (Micro IP) TCP packet processing.
When handling TCP Urgent data, there are no sanity checks for the value of the Urgent data pointer, allowing attackers to corrupt memory by supplying arbitrary Urgent data pointer offsets within TCP packets.
Listed potential impact: DoS
In Red Hat Enterprise Linux, uIP is used in the iscsiuio command, provided by iscsi-initiator-utils.
In RHEL, the command is used for connecting to an iSCSI NAS. It is expected that the attacker is a Person in the Middle, between the NAS and the RHEL machine.
As a consequence, this issue is currently rated Low.
Created iscsi-initiator-utils tracking bugs for this issue:
Affects: fedora-all [bug 1909061]
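
The missing check described above, as an added example that is not code from uIP or iscsiuio: a simplified C routine that splits a raw TCP segment into urgent and normal payload and bounds the Urgent data pointer against the bytes actually received. The function name, struct and sample segment are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TCP_HDR_MIN  20u    /* TCP header without options */
#define TCP_FLAG_URG 0x20u  /* URG bit in the flags byte (offset 13) */

struct tcp_payload {        /* hypothetical result type for this example */
    const uint8_t *urgent;  size_t urgent_len;
    const uint8_t *data;    size_t data_len;
};

/* Split a raw TCP segment into urgent and normal payload.
 * Returns 0 on success, -1 when the header itself is malformed. */
int split_urgent(const uint8_t *seg, size_t seg_len, struct tcp_payload *out)
{
    if (seg == NULL || out == NULL || seg_len < TCP_HDR_MIN)
        return -1;
    size_t hdr_len = (size_t)(seg[12] >> 4) * 4u;   /* data offset field */
    if (hdr_len < TCP_HDR_MIN || hdr_len > seg_len)
        return -1;
    size_t payload_len = seg_len - hdr_len;
    size_t urg = 0;
    if (seg[13] & TCP_FLAG_URG) {
        urg = ((size_t)seg[18] << 8) | seg[19];     /* 16-bit, sender-controlled */
        /* Without this bound, advancing the data pointer by urg and
         * subtracting urg from the length both leave the received buffer.
         * Clamping is one policy; dropping the segment is another. */
        if (urg > payload_len)
            urg = payload_len;
    }
    out->urgent = seg + hdr_len;        out->urgent_len = urg;
    out->data   = seg + hdr_len + urg;  out->data_len   = payload_len - urg;
    return 0;
}

int main(void)
{
    /* Constructed segment: URG set, urgent pointer 0xFFFF, 4 payload bytes. */
    uint8_t seg[24] = {0};
    seg[12] = 0x50; seg[13] = TCP_FLAG_URG; seg[18] = 0xFF; seg[19] = 0xFF;
    memcpy(seg + 20, "ABCD", 4);
    struct tcp_payload p;
    if (split_urgent(seg, sizeof seg, &p) == 0)
        printf("urgent=%zu data=%zu\n", p.urgent_len, p.data_len);
    return 0;
}
```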