{"id":"USN-8423-1","summary":"lwip vulnerabilities","details":"It was discovered that lwIP contained a buffer overflow in the EAP\nauthentication handling code. An attacker could possibly use this issue\nto trigger a buffer overflow, resulting in arbitrary code execution or a\ndenial of service. This issue only affected Ubuntu 20.04 LTS.\n(CVE-2020-8597)\n\nIt was discovered that lwIP incorrectly handled certain ICMPv6 or\n6LoWPAN packets. An attacker could possibly use this issue to trigger a\nbuffer overflow, resulting in information disclosure. This issue only\naffected Ubuntu 20.04 LTS. (CVE-2020-22283, CVE-2020-22284)\n\nIt was discovered that lwIP did not properly validate certain SNMPv3\nauthentication parameters. An attacker could possibly use this issue to\ntrigger a stack-based buffer overflow, resulting in arbitrary code\nexecution or a denial of service. (CVE-2026-8836)","modified":"2026-06-12T09:18:56.245855644Z","published":"2026-06-11T18:54:54Z","upstream":["CVE-2020-22283","CVE-2020-22284","CVE-2020-8597","CVE-2026-8836","UBUNTU-CVE-2020-22283","UBUNTU-CVE-2020-22284","UBUNTU-CVE-2020-8597","UBUNTU-CVE-2026-8836"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8423-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-8597"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-22283"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-22284"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-8836"}],"affected":[{"package":{"name":"lwip","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/lwip?arch=source&distro=esm-apps%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.2+dfsg1-4ubuntu0.1~esm1"}]}],"versions":["2.1.2-3","2.1.2-5.1","2.1.2+dfsg1-1","2.1.2+dfsg1-4"],"ecosystem_specific":{"binaries":[{"binary_version":"2.1.2+dfsg1-4ubuntu0.1~esm1","binary_name":"liblwip0"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8423-1.json"}},{"package":{"name":"lwip","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/lwip?arch=source&distro=esm-apps%2Fjammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.3+dfsg1-1ubuntu0.1~esm1"}]}],"versions":["2.1.2+dfsg1-8","2.1.2+dfsg1-9","2.1.3+dfsg1-1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.1.3+dfsg1-1ubuntu0.1~esm1","binary_name":"liblwip0"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:22.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8423-1.json"}},{"package":{"name":"lwip","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/lwip?arch=source&distro=esm-apps%2Fnoble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.0+dfsg1-6.1ubuntu0.1~esm1"}]}],"versions":["2.1.3+dfsg1-2","2.1.3+dfsg1-4","2.2.0+dfsg1-2","2.2.0+dfsg1-3","2.2.0+dfsg1-4","2.2.0+dfsg1-5","2.2.0+dfsg1-6","2.2.0+dfsg1-6.1","2.2.0+dfsg1-6.1build1","2.2.0+dfsg1-6.1build2"],"ecosystem_specific":{"binaries":[{"binary_version":"2.2.0+dfsg1-6.1ubuntu0.1~esm1","binary_name":"liblwip0t64"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:24.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8423-1.json"}},{"package":{"name":"lwip","ecosystem":"Ubuntu:Pro:26.04:LTS","purl":"pkg:deb/ubuntu/lwip?arch=source&distro=esm-apps%2Fresolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.1+dfsg1-4ubuntu0.1~esm1"}]}],"versions":["2.2.1+dfsg1-2","2.2.1+dfsg1-3","2.2.1+dfsg1-4"],"ecosystem_specific":{"binaries":[{"binary_version":"2.2.1+dfsg1-4ubuntu0.1~esm1","binary_name":"liblwip0t64"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:26.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8423-1.json"}}],"schema_version":"1.7.5"}