CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header

[Brennan Ashton <btashton () apache org>]

Description:
Out-of-bounds Write vulnerability in TCP Stack of Apache Software
Foundation Apache NuttX (incubating) allows attacker to corrupt memory
by supplying and invalid fragmentation offset value specified in the IP
header.  This is only impacts builds with both CONFIG_EXPERIMENTAL and
CONFIG_NET_TCP_REASSEMBLY build flags enabled.

This issue affects:
Apache Software Foundation Apache NuttX (incubating) versions prior to
9.1.1 AND 10.0.0.

This issue is also known as AMNESIA:33 CVE-2020-17438

Credit:
Apache NuttX would like to thank Forescout for reporting the issue

Thanks you,
Brennan Ashton