Ubuntu USN · USN-8423-1

lwIP vulnerabilities

Published: Thu, 11 Jun 2026 18:54

CVE-2026-8836CVE-2020-22284CVE-2020-22283CVE-2020-8597

Summary

Several security issues were fixed in lwIP.

Details

It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could possibly use this issue to trigger a buffer overflow, resulting in arbitrary code execution or a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8597) It was discovered that lwIP incorrectly handled certain ICMPv6 or 6LoWPAN packets. An attacker could possibly use this issue to trigger a buffer overflow, resulting in information disclosure. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-22283, CVE-2020-22284) It was discovered that lwIP did not properly validate certain SNMPv3 authentication parameters. An attacker could possibly use this issue to trigger a stack-based buffer overflow, resulting in arbitrary code execution or a denial of service. (CVE-2026-8836)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu focal

lwip→2.1.2+dfsg1-4ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.1.2+dfsg1-4ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y lwip=2.1.2+dfsg1-4ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
liblwip-dev→2.1.2+dfsg1-4ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.1.2+dfsg1-4ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y liblwip-dev=2.1.2+dfsg1-4ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
liblwip-doc→2.1.2+dfsg1-4ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.1.2+dfsg1-4ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y liblwip-doc=2.1.2+dfsg1-4ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
liblwip0→2.1.2+dfsg1-4ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.1.2+dfsg1-4ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y liblwip0=2.1.2+dfsg1-4ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

Ubuntu jammy

lwip→2.1.3+dfsg1-1ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.1.3+dfsg1-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y lwip=2.1.3+dfsg1-1ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
liblwip-dev→2.1.3+dfsg1-1ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.1.3+dfsg1-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y liblwip-dev=2.1.3+dfsg1-1ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
liblwip-doc→2.1.3+dfsg1-1ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.1.3+dfsg1-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y liblwip-doc=2.1.3+dfsg1-1ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
liblwip0→2.1.3+dfsg1-1ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.1.3+dfsg1-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y liblwip0=2.1.3+dfsg1-1ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

Ubuntu noble

lwip→2.2.0+dfsg1-6.1ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.2.0+dfsg1-6.1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y lwip=2.2.0+dfsg1-6.1ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
liblwip-dev→2.2.0+dfsg1-6.1ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.2.0+dfsg1-6.1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y liblwip-dev=2.2.0+dfsg1-6.1ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
liblwip-doc→2.2.0+dfsg1-6.1ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.2.0+dfsg1-6.1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y liblwip-doc=2.2.0+dfsg1-6.1ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
liblwip0t64→2.2.0+dfsg1-6.1ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.2.0+dfsg1-6.1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y liblwip0t64=2.2.0+dfsg1-6.1ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

Ubuntu resolute

lwip→2.2.1+dfsg1-4ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.2.1+dfsg1-4ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y lwip=2.2.1+dfsg1-4ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
liblwip-dev→2.2.1+dfsg1-4ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.2.1+dfsg1-4ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y liblwip-dev=2.2.1+dfsg1-4ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
liblwip-doc→2.2.1+dfsg1-4ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.2.1+dfsg1-4ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y liblwip-doc=2.2.1+dfsg1-4ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
liblwip0t64→2.2.1+dfsg1-4ubuntu0.1~esm1apt_upgrade_esm
Fixed at 2.2.1+dfsg1-4ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
```
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y liblwip0t64=2.2.1+dfsg1-4ubuntu0.1~esm1
```
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

Are YOU affected by USN-8423-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8423-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash

Form-based quickscan Read the bash source first

Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.

Buy lifetime →See StackPatch →Live audit log →