The US Cybersecurity Infrastructure and Security Agency (CISA) has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck. Two of these are rated critical in severity and could allow remote attackers to run arbitrary commands and mount denial-of-service (DoS) attacks. Treck recommends users to update the stack to version 6.0.1.68 to address the flaws. The company has released a new detection tool called “project-memoria-detector” to identify whether a target network device runs a vulnerable stack in a lab setting.
Source: https://thehackernews.com/2020/12/new-critical-flaws-in-treck-tcpip-stack.html