CVE-2023-35847

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-35847
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35847.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-35847
Published
2023-06-19T03:15:09.280Z
Modified
2025-11-15T06:38:57.332036Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).

References

Affected packages

Git / github.com/virtualsquare/picotcp

Affected ranges

Type
GIT
Repo
https://github.com/virtualsquare/picotcp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
eaf166009e44641e6570c576ba071217f100fd99

Affected versions

2.*

2.0.0

V1.*

V1.0
V1.2.4

Other

sprint0
sprint1
sprint2
sprint3
sprint4
sprint5
sprint6
sprint7
sprint8

v1.*

v1.1-rc1
v1.2
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.4.0
v1.4.1-dev-customer-sprint1
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.7.0

v2.*

v2.1

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/virtualsquare/picotcp/commit/eaf166009e44641e6570c576ba071217f100fd99",
        "target": {
            "file": "modules/pico_tcp.c"
        },
        "id": "CVE-2023-35847-1a878a06",
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "107456527686810483264036284326313557834",
                "67464624954801547498975388067602035799",
                "134883478032843749754712105893495330826",
                "312067642266342291605952024407400311713",
                "236258804348681343167448998944396968696",
                "217412199407494023064218814098398855141",
                "49976966158606650244438672167224984213",
                "310817882609977841968491799396385072025",
                "301554221740591143755799445757420250889",
                "209777018218264718563246327226251787001",
                "239747870450346560769062783930708107259",
                "275490253637696517392040969470024377694"
            ]
        }
    },
    {
        "source": "https://github.com/virtualsquare/picotcp/commit/eaf166009e44641e6570c576ba071217f100fd99",
        "target": {
            "function": "pico_tcp_initconn",
            "file": "modules/pico_tcp.c"
        },
        "id": "CVE-2023-35847-2a0d3ef9",
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "length": 1579.0,
            "function_hash": "220776243562049812956267006101530954895"
        }
    },
    {
        "source": "https://github.com/virtualsquare/picotcp/commit/eaf166009e44641e6570c576ba071217f100fd99",
        "target": {
            "function": "pico_tcp_open",
            "file": "modules/pico_tcp.c"
        },
        "id": "CVE-2023-35847-3e197a57",
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "length": 1335.0,
            "function_hash": "288540020976153159234040532578559914135"
        }
    },
    {
        "source": "https://github.com/virtualsquare/picotcp/commit/eaf166009e44641e6570c576ba071217f100fd99",
        "target": {
            "function": "tcp_syn",
            "file": "modules/pico_tcp.c"
        },
        "id": "CVE-2023-35847-8f842934",
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "length": 2228.0,
            "function_hash": "133399434550449773476553614049209825849"
        }
    }
]