CVE-2023-35849

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-35849
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35849.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-35849
Published
2023-06-19T03:15:09Z
Modified
2025-10-16T09:57:04.036905Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.

References

Affected packages

Git / github.com/virtualsquare/picotcp

Affected ranges

Type
GIT
Repo
https://github.com/virtualsquare/picotcp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.0.0

V1.*

V1.0
V1.2.4

Other

sprint0
sprint1
sprint2
sprint3
sprint4
sprint5
sprint6
sprint7
sprint8

v1.*

v1.1-rc1
v1.2
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.4.0
v1.4.1-dev-customer-sprint1
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.7.0

v2.*

v2.1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "id": "CVE-2023-35849-48818375",
        "target": {
            "file": "modules/pico_tcp.c"
        },
        "source": "https://github.com/virtualsquare/picotcp/commit/4b9a16764f2b12b611de9c34a50b4713d10ca401",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "285654499533611993025090254575033670277",
                "26037530924489790984786846986245495857",
                "292280616955719529858654022839423124462",
                "292622618448040082506854441821239042150",
                "317206684698788525413602045195138979345",
                "293444560465348784834763654659846358951",
                "336952581479197438299798455481673249593"
            ]
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2023-35849-502e4c8c",
        "target": {
            "file": "modules/pico_ipv4.c"
        },
        "source": "https://github.com/virtualsquare/picotcp/commit/4b9a16764f2b12b611de9c34a50b4713d10ca401",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "165320861050205378918815324656663061427",
                "66134852335644723728004897969199184542",
                "72433470875399735997617401182881970106",
                "169223175135825161763931249825801426722"
            ]
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2023-35849-720616ea",
        "target": {
            "file": "modules/pico_tcp.c",
            "function": "tcp_parse_option_mss"
        },
        "source": "https://github.com/virtualsquare/picotcp/commit/4b9a16764f2b12b611de9c34a50b4713d10ca401",
        "digest": {
            "function_hash": "47031951348502463246891012409039473344",
            "length": 348.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2023-35849-b60d285f",
        "target": {
            "file": "modules/pico_tcp.c",
            "function": "tcp_parse_options"
        },
        "source": "https://github.com/virtualsquare/picotcp/commit/4b9a16764f2b12b611de9c34a50b4713d10ca401",
        "digest": {
            "function_hash": "251575072811989124521923787802918092736",
            "length": 1171.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2023-35849-c96c1b5c",
        "target": {
            "file": "modules/pico_ipv4.c",
            "function": "pico_ipv4_process_in"
        },
        "source": "https://github.com/virtualsquare/picotcp/commit/4b9a16764f2b12b611de9c34a50b4713d10ca401",
        "digest": {
            "function_hash": "23149032687452435093609048267686222926",
            "length": 1893.0
        },
        "signature_type": "Function",
        "deprecated": false
    }
]