All the vulnerabilities related to contiki-ng - contiki-ng
cve-2018-19417
Vulnerability from cvelistv5
Published
2018-11-21 19:00
Modified
2024-08-05 11:37
Summary
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible.
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/issues/600 | x_refsource_MISC
cve-2019-9183
Vulnerability from cvelistv5
Published
2020-04-23 12:33
Modified
2024-08-04 21:38
Summary
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the application. An attacker can cause a denial-of-service via a crafted 6LoWPAN frame.
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/pull/972 | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4 | x_refsource_CONFIRM
https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf | x_refsource_MISC
cve-2022-35926
Vulnerability from cvelistv5
Published
2022-08-04 20:30
Modified
2024-08-03 09:51
Summary
Out-of-bounds read in IPv6 neighbor solicitation in Contiki-NG
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.8 | x_refsource_MISC
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-4hpq-4f53-w386 | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/pull/1654 | x_refsource_MISC
https://github.com/contiki-ng/contiki-ng/pull/1654/commits/a4597001d50a04f4b9c78f323ba731e2f979802c | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | < 4.8
Description
Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, uip_buf, are not checked if they go out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires IPv6 be enabled for the network. The problem has been patched in the develop branch of Contiki-NG. The upcoming 4.8 release of Contiki-NG will include the patch. Users unable to upgrade may apply the patch in Contiki-NG PR #1654.
CVSS 3.1: 5.9 MEDIUM (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CWE-125: Out-of-bounds Read
cve-2020-12141
Vulnerability from cvelistv5
Published
2021-10-19 15:23
Modified
2024-08-04 11:48
Summary
An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentially disclose information via crafted SNMP packets to snmp_ber_decode_string_len_buffer in os/net/app-layer/snmp/snmp-ber.c.
References
URL | Tags
---|---
https://twitter.com/ScepticCtf | x_refsource_MISC
https://github.com/contiki-ng/contiki-ng/commit/12c824386ab60de757de5001974d73b32e19ad71#diff-32367fad664c6118fd5dda77cdf38eedc006cdd7544eca5bbeebe0b99653f8a0 | x_refsource_MISC
https://github.com/contiki-ng/contiki-ng/pull/1355 | x_refsource_MISC
cve-2021-21282
Vulnerability from cvelistv5
Published
2021-06-18 20:00
Modified
2024-08-03 18:09
Summary
Buffer overflow in RPL source routing header processing
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6xf2-77gf-fgjx | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/pull/1183 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | < 4.5
Description
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround.
CVSS 3.1: 8.6 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
cve-2021-21257
Vulnerability from cvelistv5
Published
2021-06-18 20:55
Modified
2024-08-03 18:09
Summary
Out-of-bounds write in RPL-Classic and RPL-Lite
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-mvc7-9p4q-c5cm | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/pull/1431 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | < 4.6
Description
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header. This makes it possible for an attacker to cause out-of-bounds writes with packets injected into the network stack. Specifically, the problem lies in the rpl_ext_header_srh_update function in the two rpl-ext-header.c modules for RPL-Classic and RPL-Lite respectively. The addr_ptr variable is calculated using an unvalidated CMPR field value from the source routing header. An out-of-bounds write can be triggered on line 151 in os/net/routing/rpl-lite/rpl-ext-header.c and line 261 in os/net/routing/rpl-classic/rpl-ext-header.c, which contain the following memcpy call with addr_ptr as destination. The problem has been patched in Contiki-NG 4.6. Users can apply a patch out-of-band as a workaround.
CVSS 3.1: 8.2 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L)
CWE-787: Out-of-bounds Write
cve-2020-14935
Vulnerability from cvelistv5
Published
2020-08-18 16:32
Modified
2024-08-04 13:00
Summary
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. When a bulk get request response is assembled, a stack buffer dedicated for OIDs (with a limited capacity) is allocated in snmp_engine_get_bulk(). When snmp_engine_get_bulk() is populating the stack buffer, an overflow condition may occur due to lack of input length validation. This makes it possible to overwrite stack regions beyond the allocated buffer, including the return address from the function. As a result, the code execution path may be redirected to an address provided in the SNMP bulk get payload. If the target architecture uses common addressing space for program and data memory, it may also be possible to supply code in the SNMP request payload, and redirect the execution path to the remotely injected code, by modifying the function's return address.
References
URL | Tags
---|---
https://drive.google.com/file/d/1qp3ZXaFRiR_imWg0lUbI7-D-hIT268EB/view?usp=sharing | x_refsource_MISC
https://github.com/contiki-ng/contiki-ng/issues/1353 | x_refsource_MISC
cve-2020-14937
Vulnerability from cvelistv5
Published
2020-08-18 15:27
Modified
2024-08-04 13:00
Severity ?
EPSS score ?
Summary
Out-of-bounds memory access issues were discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. The length of provided input/output buffers is insufficiently verified during the encoding and decoding of data. This may lead to out-of-bounds buffer read or write access in BER decoding and encoding functions.
References
URL | Tags |
---|---|
https://drive.google.com/file/d/1mAkJBVZNv5PMVwLojru0njH38zEXpWui/view?usp=sharing | x_refsource_MISC |
https://github.com/contiki-ng/contiki-ng/issues/1354 | x_refsource_MISC |
cve-2021-21279
Vulnerability from cvelistv5
Published
2021-06-18 20:40
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
Infinite loop in IPv6 neighbor solicitation processing
References
URL | Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rr5j-j8m8-fc4f | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
contiki-ng | contiki-ng | < 4.6 |
Description
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of attack can effectively shut down the operation of the system because of the cooperative scheduling used for the main parts of Contiki-NG and its communication stack. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.
CVSS 3.1
7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CWE
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
cve-2021-21280
Vulnerability from cvelistv5
Published
2021-06-18 20:35
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
Out-of-bounds write when processing 6LoWPAN extension headers
References
URL | Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-r768-hrhf-v592 | x_refsource_CONFIRM |
https://github.com/contiki-ng/contiki-ng/pull/1409 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
contiki-ng | contiki-ng | < 4.6 |
Description
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written header is not checked to be within the available space, thereby making it possible to write outside the buffer. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.
CVSS 3.1
8.6 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
CWE
CWE-787: Out-of-bounds Write
cve-2020-24336
Vulnerability from cvelistv5
Published
2020-12-11 22:43
Modified
2024-08-04 15:12
Severity ?
EPSS score ?
Summary
An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn't verify whether the length of the address in the answer is sane. Therefore, when copying an address of an arbitrary length, a buffer overflow can occur. This bug can be exploited whenever NAT64 is enabled.
References
URL | Tags |
---|---|
https://www.kb.cert.org/vuls/id/815128 | x_refsource_MISC |
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 | x_refsource_MISC |
cve-2021-21281
Vulnerability from cvelistv5
Published
2021-06-18 20:25
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
Buffer overflow due to unvalidated TCP data offset
References
URL | Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-mc42-fqfr-h9fp | x_refsource_CONFIRM |
https://github.com/contiki-ng/contiki-ng/pull/1366 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
contiki-ng | contiki-ng | < 4.6 |
Description
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data offset that is unvalidated. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.
CVSS 3.1
7 HIGH (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)
CWE
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
cve-2020-24335
Vulnerability from cvelistv5
Published
2021-02-02 06:13
Modified
2024-08-04 15:12
Severity ?
EPSS score ?
Summary
An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.
References
URL | Tags |
---|---|
https://github.com/adamdunkels/uip | x_refsource_MISC |
https://github.com/contiki-os/contiki | x_refsource_MISC |
https://github.com/contiki-ng/contiki-ng | x_refsource_MISC |
https://www.kb.cert.org/vuls/id/815128 | x_refsource_MISC |
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 | x_refsource_MISC |
cve-2023-29001
Vulnerability from cvelistv5
Published
2024-11-27 18:20
Modified
2024-11-27 19:22
Severity ?
EPSS score ?
Summary
Uncontrolled recursion due to insufficient validation of the IPv6 source routing header in Contiki-NG
References
URL | Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-7p75-mf53-ffwm | x_refsource_CONFIRM |
https://github.com/contiki-ng/contiki-ng/pull/2264 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
contiki-ng | contiki-ng | <= 4.9 |
Description
Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming packet should be forwarded to another host. Because of missing validation of the resulting next-hop address, an uncontrolled recursion may occur in the tcpip_ipv6_output function in the os/net/ipv6/tcpip.c module when receiving a packet with a next-hop address that is a local address. Attackers that have the possibility to send IPv6 packets to the Contiki-NG host can therefore trigger deeply nested recursive calls, which can cause a stack overflow. The vulnerability has not been patched in the current release of Contiki-NG, but is expected to be patched in the next release. The problem can be fixed by applying the patch in Contiki-NG pull request #2264. Users are advised to either apply the patch manually or to wait for the next release. There are no known workarounds for this vulnerability.
CVSS 4.0
8.7 HIGH (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)
CWE
CWE-674: Uncontrolled Recursion
SSVC (CISA Coordinator, 2024-11-27)
Exploitation: none | Automatable: yes | Technical Impact: partial
cve-2022-36053
Vulnerability from cvelistv5
Published
2022-09-01 12:00
Modified
2024-08-03 09:52
Summary
Out-of-bounds read in the uIP buffer module
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2j9c-7754-w4cw | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/pull/1648 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | < 4.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.496Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2j9c-7754-w4cw" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1648" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c 4.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet\u0027s end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-01T12:00:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2j9c-7754-w4cw" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1648" } ], "source": { "advisory": "GHSA-2j9c-7754-w4cw", "discovery": "UNKNOWN" }, "title": "Out-of-bounds read in the uIP buffer module", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36053", "STATE": "PUBLIC", "TITLE": "Out-of-bounds read in the uIP buffer module" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "contiki-ng", "version": { "version_data": [ { "version_value": "\u003c 4.8" } ] } } ] }, "vendor_name": "contiki-ng" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. 
As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet\u0027s end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2j9c-7754-w4cw", "refsource": "CONFIRM", "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2j9c-7754-w4cw" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/1648", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/pull/1648" } ] }, "source": { "advisory": "GHSA-2j9c-7754-w4cw", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36053", "datePublished": "2022-09-01T12:00:15", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.496Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-24334
Vulnerability from cvelistv5
Published
2020-12-11 22:42
Modified
2024-08-04 15:12
Summary
The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in resolv.c.
References
URL | Tags
---|---
https://www.kb.cert.org/vuls/id/815128 | x_refsource_MISC
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:12:09.009Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/815128" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in resolv.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-11T22:42:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.kb.cert.org/vuls/id/815128" }, { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24334", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the 
DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in resolv.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.kb.cert.org/vuls/id/815128", "refsource": "MISC", "url": "https://www.kb.cert.org/vuls/id/815128" }, { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24334", "datePublished": "2020-12-11T22:42:04", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T15:12:09.009Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41972
Vulnerability from cvelistv5
Published
2022-12-16 17:37
Modified
2024-08-03 12:56
Summary
Contiki-NG contains NULL Pointer Dereference in BLE L2CAP module
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-24xp-g5gf-6vvm | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/pull/2253 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | <= 4.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:39.126Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-24xp-g5gf-6vvm", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-24xp-g5gf-6vvm" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2253", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can inject a packet in this stack, which causes the implementation to dereference a NULL pointer and triggers undefined behavior. More specifically, while processing the L2CAP protocol, the implementation maps an incoming channel ID to its metadata structure. In this structure, state information regarding credits is managed through calls to the function input_l2cap_credit in the module os/net/mac/ble/ble-l2cap.c. Unfortunately, the input_l2cap_credit function does not check that the metadata corresponding to the user-supplied channel ID actually exists, which can lead to the channel variable being set to NULL before a pointer dereferencing operation is performed. The vulnerability has been patched in the \"develop\" branch of Contiki-NG, and will be included in release 4.9. Users can apply the patch in Contiki-NG pull request #2253 as a workaround until the new package is released." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T17:37:57.536Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-24xp-g5gf-6vvm", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-24xp-g5gf-6vvm" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2253", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2253" } ], "source": { "advisory": "GHSA-24xp-g5gf-6vvm", "discovery": "UNKNOWN" }, "title": "Contiki-NG contains NULL Pointer Dereference in BLE L2CAP module" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41972", "datePublished": "2022-12-16T17:37:57.536Z", "dateReserved": "2022-09-30T16:38:28.957Z", "dateUpdated": "2024-08-03T12:56:39.126Z", "requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31129
Vulnerability from cvelistv5
Published
2023-05-08 20:51
Modified
2024-08-02 14:45
Summary
Contiki-NG missing NULL pointer check in IPv6 neighbor discovery
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-x29r-5qjg-75mq | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/pull/2271 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | <= 4.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:25.766Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-x29r-5qjg-75mq", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-x29r-5qjg-75mq" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2271", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2271" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.8" } ] } ], "descriptions": [ { "lang": "en", "value": "The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND protocol includes a message type called Router Solicitation (RS), which is used to locate routers and update their address information via the SLLAO (Source Link-Layer Address Option). If the indicated source address changes, a given neighbor entry is set to the STALE state.\n\nThe message handler does not check for RS messages with an SLLAO that indicates a link-layer address change that a neighbor entry can actually be created for the indicated address. The resulting pointer is used without a check, leading to the dereference of a NULL pointer of type `uip_ds6_nbr_t`.\n\nThe problem has been patched in the `develop` branch of Contiki-NG, and will be included in the upcoming 4.9 release. As a workaround, users can apply Contiki-NG pull request #2271 to patch the problem directly." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-08T20:51:14.657Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-x29r-5qjg-75mq", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-x29r-5qjg-75mq" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2271", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2271" } ], "source": { "advisory": "GHSA-x29r-5qjg-75mq", "discovery": "UNKNOWN" }, "title": "Contiki-NG missing NULL pointer check in IPv6 neighbor discovery" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-31129", "datePublished": "2023-05-08T20:51:14.657Z", "dateReserved": "2023-04-24T21:44:10.416Z", "dateUpdated": "2024-08-02T14:45:25.766Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27634
Vulnerability from cvelistv5
Published
2023-10-10 00:00
Modified
2024-09-19 15:04
Summary
In Contiki 4.5, TCP ISNs are improperly random.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:18:45.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.forescout.com" }, { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01" }, { "tags": [ "x_transferred" ], "url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-27634", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-19T15:04:10.474886Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-19T15:04:22.313Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Contiki 4.5, TCP ISNs are improperly random." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-10T16:28:35.260683", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.forescout.com" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01" }, { "url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-27634", "datePublished": "2023-10-10T00:00:00", "dateReserved": "2020-10-22T00:00:00", "dateUpdated": "2024-09-19T15:04:22.313Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23609
Vulnerability from cvelistv5
Published
2023-01-25 06:15
Modified
2024-08-02 10:35
Summary
contiki-ng BLE-L2CAP contains Improper size validation of L2CAP frames
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qr4q-6h3m-h3g7 | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/pull/2254 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | <= 4.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qr4q-6h3m-h3g7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qr4q-6h3m-h3g7" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2254", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2254" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation Layer Protocol (BLE-L2CAP) module handles fragmentation of packets up the configured MTU size. When fragments are reassembled, they are stored in a packet buffer of a configurable size, but there is no check to verify that the packet buffer is large enough to hold the reassembled packet. In Contiki-NG\u0027s default configuration, it is possible that an out-of-bounds write of up to 1152 bytes occurs. The vulnerability has been patched in the \"develop\" branch of Contiki-NG, and will be included in release 4.9. The problem can be fixed by applying the patch in Contiki-NG pull request #2254 prior to the release of version 4.9." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-25T06:15:34.128Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qr4q-6h3m-h3g7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qr4q-6h3m-h3g7" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2254", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2254" } ], "source": { "advisory": "GHSA-qr4q-6h3m-h3g7", "discovery": "UNKNOWN" }, "title": "contiki-ng BLE-L2CAP contains Improper size validation of L2CAP frames" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-23609", "datePublished": "2023-01-25T06:15:34.128Z", "dateReserved": "2023-01-16T17:07:46.241Z", "dateUpdated": "2024-08-02T10:35:33.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34100
Vulnerability from cvelistv5
Published
2023-06-09 17:30
Modified
2024-08-02 16:01
Summary
Out-of-Bounds Read in contiki-ng
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-3v7c-jq9x-cmph | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/pull/2434/commits/cde4e98398a2f5b994972c8459342af3ba93b98e | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | <= 4.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:01:53.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-3v7c-jq9x-cmph", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-3v7c-jq9x-cmph" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2434/commits/cde4e98398a2f5b994972c8459342af3ba93b98e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2434/commits/cde4e98398a2f5b994972c8459342af3ba93b98e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using \u0027UIP_IPTCPH_LEN + 2 + c\u0027 and \u0027UIP_IPTCPH_LEN + 3 + c\u0027, but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the \"develop\" branch of Contiki-NG, and is expected to be included in release 4.9. Users are advised to watch for the 4.9 release and to upgrade when it becomes available. There are no workarounds for this vulnerability aside from manually patching with the diff in commit `cde4e9839`." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-09T17:30:50.048Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-3v7c-jq9x-cmph", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-3v7c-jq9x-cmph" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2434/commits/cde4e98398a2f5b994972c8459342af3ba93b98e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2434/commits/cde4e98398a2f5b994972c8459342af3ba93b98e" } ], "source": { "advisory": "GHSA-3v7c-jq9x-cmph", "discovery": "UNKNOWN" }, "title": "Out-of-Bounds Read in contiki-ng" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-34100", "datePublished": "2023-06-09T17:30:50.048Z", "dateReserved": "2023-05-25T21:56:51.245Z", "dateUpdated": "2024-08-02T16:01:53.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1000804
Vulnerability from cvelistv5
Published
2018-10-08 15:00
Modified
2024-09-16 16:42
Summary
contiki-ng version 4 contains a buffer overflow vulnerability in the AQL (Antelope Query Language) database engine that can allow an attacker to perform remote code execution on a device running the Contiki-NG operating system. The attack appears to be exploitable when the attacker is able to run malicious AQL code (e.g. via an SQL-like injection attack).
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/issues/594 | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/pull/624 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:40:47.935Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/issues/594" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/624" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2018-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-08T15:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/issues/594" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/624" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-10-05T22:22:07.609207", "DATE_REQUESTED": "2018-09-07T13:28:01", "ID": "CVE-2018-1000804", "REQUESTER": "cve.reporting@gmail.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/contiki-ng/contiki-ng/issues/594", "refsource": "CONFIRM", "url": "https://github.com/contiki-ng/contiki-ng/issues/594" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/624", "refsource": "CONFIRM", "url": "https://github.com/contiki-ng/contiki-ng/pull/624" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000804", "datePublished": "2018-10-08T15:00:00Z", "dateReserved": "2018-10-08T00:00:00Z", "dateUpdated": "2024-09-16T16:42:43.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-41125
Vulnerability from cvelistv5
Published
2024-11-27 18:20
Modified
2024-11-27 19:22
Summary
Out-of-bounds read in SNMP when decoding a string in Contiki-NG
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qjj3-gqx7-438w | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/pull/2936 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | <= 4.9
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:contiki-ng:contiki-ng:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "lessThanOrEqual": "4.9", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-41125", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T19:21:37.150794Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T19:22:42.056Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-ber.c module, where the function snmp_ber_decode_string_len_buffer decodes the string length from a received SNMP packet. In one place, one byte is read from the buffer, without checking that the buffer has another byte available, leading to a possible out-of-bounds read. The problem has been patched in Contiki-NG pull request #2936. It will be included in the next release of Contiki-NG. Users are advised to apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-27T18:20:45.613Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qjj3-gqx7-438w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qjj3-gqx7-438w" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2936", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2936" } ], "source": { "advisory": "GHSA-qjj3-gqx7-438w", "discovery": "UNKNOWN" }, "title": "Out-of-bounds read in SNMP when decoding a string in Contiki-NG" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-41125", "datePublished": "2024-11-27T18:20:45.613Z", "dateReserved": "2024-07-15T15:53:28.323Z", "dateUpdated": "2024-11-27T19:22:42.056Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34101
Vulnerability from cvelistv5
Published
2023-06-14 14:50
Modified
2024-08-02 16:01
Summary
Contiki-NG vulnerable to out-of-bounds read when processing ICMP DAO input
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-fp66-ff6x-7w2w | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/pull/2435 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | <= 4.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:01:54.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-fp66-ff6x-7w2w", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-fp66-ff6x-7w2w" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2435", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2435" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an operating system for internet of things devices. In version 4.8 and prior, when processing ICMP DAO packets in the `dao_input_storing` function, the Contiki-NG OS does not verify that the packet buffer is big enough to contain the bytes it needs before accessing them. Up to 16 bytes can be read out of bounds in the `dao_input_storing` function. An attacker can truncate an ICMP packet so that it does not contain enough data, leading to an out-of-bounds read on these lines. The problem has been patched in the \"develop\" branch of Contiki-NG, and is expected to be included in release 4.9. As a workaround, one can apply the changes in Contiki-NG pull request #2435 to patch the system." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-14T14:50:21.267Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-fp66-ff6x-7w2w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-fp66-ff6x-7w2w" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2435", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2435" } ], "source": { "advisory": "GHSA-fp66-ff6x-7w2w", "discovery": "UNKNOWN" }, "title": "Contiki-NG vulnerable to out-of-bounds read when processing ICMP DAO input" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-34101", "datePublished": "2023-06-14T14:50:21.267Z", "dateReserved": "2023-05-25T21:56:51.245Z", "dateUpdated": "2024-08-02T16:01:54.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28116
Vulnerability from cvelistv5
Published
2023-03-17 21:22
Modified
2024-08-02 12:30
Summary
Buffer overflow in L2CAP due to misconfigured MTU
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-m737-4vx6-pfqp | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/pull/2398 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | <= 4.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:30:24.192Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-m737-4vx6-pfqp", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-m737-4vx6-pfqp" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2398", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2398" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer (packetbuf) for processing of packets, with the size of PACKETBUF_SIZE. In particular, when using the BLE L2CAP module with the default configuration, the PACKETBUF_SIZE value becomes larger then the actual size of the packetbuf. When large packets are processed by the L2CAP module, a buffer overflow can therefore occur when copying the packet data to the packetbuf. The vulnerability has been patched in the \"develop\" branch of Contiki-NG, and will be included in release 4.9. The problem can be worked around by applying the patch manually." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-17T21:22:54.703Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-m737-4vx6-pfqp", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-m737-4vx6-pfqp" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2398", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2398" } ], "source": { "advisory": "GHSA-m737-4vx6-pfqp", "discovery": "UNKNOWN" }, "title": "Buffer overflow in L2CAP due to misconfigured MTU" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-28116", "datePublished": "2023-03-17T21:22:54.703Z", "dateReserved": "2023-03-10T18:34:29.228Z", "dateUpdated": "2024-08-02T12:30:24.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36054
Vulnerability from cvelistv5
Published
2022-09-01 12:10
Modified
2024-08-03 09:52
Summary
Out-of-bounds write when decompressing 6LoWPAN payload in Contiki-NG
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/pull/1648 | x_refsource_MISC
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | < 4.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.488Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1648" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c 4.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer\u0027s boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-01T12:10:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1648" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c" } ], "source": { "advisory": "GHSA-c36p-vhwg-244c", "discovery": "UNKNOWN" }, "title": "Out-of-bounds write when decompressing 6LoWPAN payload in Contiki-NG", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36054", "STATE": "PUBLIC", "TITLE": "Out-of-bounds write when decompressing 6LoWPAN payload in Contiki-NG" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "contiki-ng", "version": { "version_data": [ { "version_value": "\u003c 4.8" } ] } } ] }, "vendor_name": "contiki-ng" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. 
Because of a missing length check in the input function, it is possible to write outside the packet buffer\u0027s boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/contiki-ng/contiki-ng/pull/1648", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/pull/1648" }, { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c", "refsource": "CONFIRM", "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c" } ] }, "source": { "advisory": "GHSA-c36p-vhwg-244c", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36054", "datePublished": "2022-09-01T12:10:11", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.488Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-35927
Vulnerability from cvelistv5
Published
2022-08-04 20:35
Modified
2024-08-03 09:51
Summary
Unverified DIO prefix info lengths in RPL-Classic in Contiki-NG
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9rm9-3phh-p4wm | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/pull/1589 | x_refsource_MISC
https://github.com/contiki-ng/contiki-ng/pull/1589/commits/4fffab0e632c4d01910fa957d1fd9ef321eb87d2 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | < 4.7
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:51:59.029Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9rm9-3phh-p4wm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1589" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1589/commits/4fffab0e632c4d01910fa957d1fd9ef321eb87d2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c 4.7" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length parameter. The value of the length parameter is not validated, however, and it is possible to cause a buffer overflow when copying the prefix in the set_ip_from_prefix function. This vulnerability affects anyone running a Contiki-NG version prior to 4.7 that can receive RPL DIO messages from external parties. To obtain a patched version, users should upgrade to Contiki-NG 4.7 or later. There are no workarounds for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-04T20:35:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9rm9-3phh-p4wm" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1589" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1589/commits/4fffab0e632c4d01910fa957d1fd9ef321eb87d2" } ], "source": { "advisory": "GHSA-9rm9-3phh-p4wm", "discovery": "UNKNOWN" }, "title": "Unverified DIO prefix info lengths in RPL-Classic in Contiki-NG", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-35927", "STATE": "PUBLIC", "TITLE": "Unverified DIO prefix info lengths in RPL-Classic in Contiki-NG" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "contiki-ng", "version": { "version_data": [ { "version_value": "\u003c 4.7" } ] } } ] }, "vendor_name": "contiki-ng" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. 
In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length parameter. The value of the length parameter is not validated, however, and it is possible to cause a buffer overflow when copying the prefix in the set_ip_from_prefix function. This vulnerability affects anyone running a Contiki-NG version prior to 4.7 that can receive RPL DIO messages from external parties. To obtain a patched version, users should upgrade to Contiki-NG 4.7 or later. There are no workarounds for this issue." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9rm9-3phh-p4wm", "refsource": "CONFIRM", "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9rm9-3phh-p4wm" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/1589", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/pull/1589" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/1589/commits/4fffab0e632c4d01910fa957d1fd9ef321eb87d2", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/pull/1589/commits/4fffab0e632c4d01910fa957d1fd9ef321eb87d2" } ] }, "source": { "advisory": "GHSA-9rm9-3phh-p4wm", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", 
"assignerShortName": "GitHub_M", "cveId": "CVE-2022-35927", "datePublished": "2022-08-04T20:35:14", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:51:59.029Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50927
Vulnerability from cvelistv5
Published
2024-02-14 19:22
Modified
2024-08-02 22:23
Summary
Insufficient boundary checks for DIO and DAO messages in RPL-Lite in Contiki-NG
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9423-rgj4-wjfw | x_refsource_CONFIRM
https://github.com/contiki-ng/contiki-ng/pull/2484 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | < 4.9
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:contiki-ng:contiki-ng:4.9:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "lessThan": "4.9", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-50927", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-15T16:42:01.347508Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-29T15:45:17.437Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T22:23:43.859Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9423-rgj4-wjfw", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9423-rgj4-wjfw" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2484", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2484" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c 4.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for DIO and DAO messages, in particular when they contain RPL sub-option headers. The problem has been patched in Contiki-NG 4.9. 
Users are advised to upgrade. Users unable to upgrade should manually apply the code changes in PR #2484." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-14T19:22:05.243Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9423-rgj4-wjfw", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9423-rgj4-wjfw" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2484", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2484" } ], "source": { "advisory": "GHSA-9423-rgj4-wjfw", "discovery": "UNKNOWN" }, "title": "Insufficient boundary checks for DIO and DAO messages in RPL-Lite in Contiki-NG" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-50927", "datePublished": "2024-02-14T19:22:05.243Z", "dateReserved": "2023-12-15T20:57:23.174Z", "dateUpdated": "2024-08-02T22:23:43.859Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36052
Vulnerability from cvelistv5
Published
2022-09-01 12:05
Modified
2024-08-03 09:52
Summary
Out-of-bounds read when decompressing UDP header
References
URL | Tags
---|---
https://github.com/contiki-ng/contiki-ng/pull/1648 | x_refsource_MISC
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-vwr8-6mqv-x7f5 | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | < 4.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1648" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-vwr8-6mqv-x7f5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c 4.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4.8, and which may receive 6LoWPAN packets from external parties. The problem has been patched in Contiki-NG version 4.8." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-01T12:05:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1648" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-vwr8-6mqv-x7f5" } ], "source": { "advisory": "GHSA-vwr8-6mqv-x7f5", "discovery": "UNKNOWN" }, "title": "Out-of-bounds read when decompressing UDP header", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36052", "STATE": "PUBLIC", "TITLE": "Out-of-bounds read when decompressing UDP header" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "contiki-ng", "version": { "version_data": [ { "version_value": "\u003c 4.8" } ] } } ] }, "vendor_name": "contiki-ng" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. 
Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4.8, and which may receive 6LoWPAN packets from external parties. The problem has been patched in Contiki-NG version 4.8." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/contiki-ng/contiki-ng/pull/1648", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/pull/1648" }, { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-vwr8-6mqv-x7f5", "refsource": "CONFIRM", "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-vwr8-6mqv-x7f5" } ] }, "source": { "advisory": "GHSA-vwr8-6mqv-x7f5", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36052", "datePublished": "2022-09-01T12:05:11", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-8359
Vulnerability from cvelistv5
Published
2020-04-23 12:33
Modified
2024-08-04 21:17
Summary
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c.
References
URL | Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/pull/972 | x_refsource_CONFIRM |
https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4 | x_refsource_CONFIRM |
https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:17:30.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/972" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-24T23:05:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/972" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8359", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/contiki-ng/contiki-ng/pull/972", "refsource": "CONFIRM", "url": "https://github.com/contiki-ng/contiki-ng/pull/972" }, { "name": "https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4", "refsource": "CONFIRM", "url": "https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4" }, { "name": "https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf", "refsource": "MISC", "url": "https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-8359", "datePublished": "2020-04-23T12:33:35", "dateReserved": "2019-02-16T00:00:00", "dateUpdated": "2024-08-04T21:17:30.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-48229
Vulnerability from cvelistv5
Published
2024-02-14 18:30
Modified
2024-08-02 21:23
Summary
Out-of-bounds write in the radio driver for Contiki-NG nRF platforms
References
URL | Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2 | x_refsource_CONFIRM |
https://github.com/contiki-ng/contiki-ng/pull/2741 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
contiki-ng | contiki-ng | <= 4.9 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-48229", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-21T20:42:28.790349Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:27:39.833Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T21:23:39.188Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2741", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2741" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be set by an external party that sends radio packets to a Contiki-NG system. 
Although the value is validated to be in the range of the MTU length, it is not validated to fit into the given buffer into which the packet will be copied. The problem has been patched in the \"develop\" branch of Contiki-NG and is expected to be included in subsequent releases. Users are advised to update their develop branch or to update to a subsequent release when available. Users unable to upgrade should consider manually applying the changes in PR #2741." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-14T18:30:31.708Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2741", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2741" } ], "source": { "advisory": "GHSA-rcwv-xwc9-5hp2", "discovery": "UNKNOWN" }, "title": "Out-of-bounds write in the radio driver for Contiki-NG nRF platforms" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-48229", "datePublished": "2024-02-14T18:30:31.708Z", "dateReserved": "2023-11-13T13:25:18.481Z", "dateUpdated": "2024-08-02T21:23:39.188Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2024-41126
Vulnerability from cvelistv5
Published
2024-11-27 18:20
Modified
2024-11-27 19:22
Summary
Out-of-bounds read when decoding SNMP messages in Contiki-NG
References
URL | Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-444j-93j3-5gj4 | x_refsource_CONFIRM |
https://github.com/contiki-ng/contiki-ng/pull/2937 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
contiki-ng | contiki-ng | <= 4.9 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:contiki-ng:contiki-ng:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "lessThanOrEqual": "4.9", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-41126", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T19:21:44.284259Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T19:22:41.923Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-message.c module, where the snmp_message_decode function fails to check the boundary of the message buffer when reading a byte from it immediately after decoding an object identifier (OID). The problem has been patched in Contiki-NG pull request 2937. It will be included in the next release of Contiki-NG. Users are advised to either apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-27T18:20:43.701Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-444j-93j3-5gj4", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-444j-93j3-5gj4" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2937", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2937" } ], "source": { "advisory": "GHSA-444j-93j3-5gj4", "discovery": "UNKNOWN" }, "title": "Out-of-bounds read when decoding SNMP messages in Contiki-NG" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-41126", "datePublished": "2024-11-27T18:20:43.701Z", "dateReserved": "2024-07-15T15:53:28.323Z", "dateUpdated": "2024-11-27T19:22:41.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37281
Vulnerability from cvelistv5
Published
2023-09-15 19:17
Modified
2024-09-25 18:05
Summary
Out-of-bounds read during IPHC address decompression
References
URL | Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2v4c-9p48-g9pr | x_refsource_CONFIRM |
https://github.com/contiki-ng/contiki-ng/pull/2509 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
contiki-ng | contiki-ng | <= 4.9 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:09:34.058Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2v4c-9p48-g9pr", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2v4c-9p48-g9pr" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2509", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2509" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37281", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T18:05:13.906668Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T18:05:23.793Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done before decompressing the IPv6 address. Therefore, up to 16 bytes can be read out of bounds on the line with the statement `memcpy(\u0026ipaddr-\u003eu8[16 - postcount], iphc_ptr, postcount);`. The value of `postcount` depends on the address compression used in the received packet and can be controlled by the attacker. As a result, an attacker can inject a packet that causes an out-of-bound read. 
As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2509 to patch the system." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T19:17:53.739Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2v4c-9p48-g9pr", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2v4c-9p48-g9pr" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2509", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2509" } ], "source": { "advisory": "GHSA-2v4c-9p48-g9pr", "discovery": "UNKNOWN" }, "title": "Out-of-bounds read during IPHC address decompression" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37281", "datePublished": "2023-09-15T19:17:53.739Z", "dateReserved": "2023-06-29T19:35:26.441Z", "dateUpdated": "2024-09-25T18:05:23.793Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32771
Vulnerability from cvelistv5
Published
2022-08-04 20:25
Modified
2024-08-03 23:33
Summary
Buffer overflow in contiki-ng
References
URL | Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jqjf-v7v9-xp6w | x_refsource_CONFIRM |
https://github.com/contiki-ng/contiki-ng/pull/1615 | x_refsource_MISC |
https://github.com/contiki-ng/contiki-ng/pull/1615/commits/587ae59956e00316fd44fd7072ac3a6a07b4b20f | x_refsource_MISC |
https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.8 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
contiki-ng | contiki-ng | < 4.8 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:55.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jqjf-v7v9-xp6w" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1615" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1615/commits/587ae59956e00316fd44fd7072ac3a6a07b4b20f" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c 4.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have joined an RPL DODAG. After that, an attacker can send a DAO packet with a Target option that contains a prefix length larger than 128 bits. The problem was fixed after the release of Contiki-NG 4.7. Users unable to upgrade may apply the patch in Contiki-NG PR #1615." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-04T20:25:16", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jqjf-v7v9-xp6w" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1615" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1615/commits/587ae59956e00316fd44fd7072ac3a6a07b4b20f" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.8" } ], "source": { "advisory": "GHSA-jqjf-v7v9-xp6w", "discovery": "UNKNOWN" }, "title": "Buffer overflow in contiki-ng", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32771", "STATE": "PUBLIC", "TITLE": "Buffer overflow in contiki-ng" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "contiki-ng", "version": { "version_data": [ { "version_value": "\u003c 4.8" } ] } } ] }, "vendor_name": "contiki-ng" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. 
In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have joined an RPL DODAG. After that, an attacker can send a DAO packet with a Target option that contains a prefix length larger than 128 bits. The problem was fixed after the release of Contiki-NG 4.7. Users unable to upgrade may apply the patch in Contiki-NG PR #1615." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jqjf-v7v9-xp6w", "refsource": "CONFIRM", "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jqjf-v7v9-xp6w" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/1615", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/pull/1615" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/1615/commits/587ae59956e00316fd44fd7072ac3a6a07b4b20f", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/pull/1615/commits/587ae59956e00316fd44fd7072ac3a6a07b4b20f" }, { "name": "https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.8", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.8" } ] }, "source": { "advisory": "GHSA-jqjf-v7v9-xp6w", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": 
"a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32771", "datePublished": "2022-08-04T20:25:16", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:33:55.883Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50926
Vulnerability from cvelistv5
Published
2024-02-14 19:28
Modified
2024-08-02 22:23
Summary
Unvalidated DIO prefix info length in RPL-Lite in Contiki-NG
References
URL | Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jp4p-fq85-jch2 | x_refsource_CONFIRM |
https://github.com/contiki-ng/contiki-ng/pull/2721 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
contiki-ng | contiki-ng | <= 4.9 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "lessThanOrEqual": "4.9", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-50926", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T18:20:51.715274Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T18:23:16.224Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T22:23:44.103Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jp4p-fq85-jch2", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jp4p-fq85-jch2" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2721", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2721" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message contains a field that specifies the length of an IPv6 address prefix. 
The value of this field is not validated, which means that an attacker can set a value that is longer than the maximum prefix length. Subsequently, a memcmp function call that compares different prefixes can be called with a length argument that surpasses the boundary of the array allocated for the prefix, causing an out-of-bounds read. The problem has been patched in the \"develop\" branch of Contiki-NG, and is expected to be included in the next release. Users are advised to update as soon as they are able to or to manually apply the changes in Contiki-NG pull request #2721." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-14T19:28:11.556Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jp4p-fq85-jch2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jp4p-fq85-jch2" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2721", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2721" } ], "source": { "advisory": "GHSA-jp4p-fq85-jch2", "discovery": "UNKNOWN" }, "title": "Unvalidated DIO prefix info length in RPL-Lite in Contiki-NG" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-50926", "datePublished": "2024-02-14T19:28:11.556Z", "dateReserved": 
"2023-12-15T20:57:23.174Z", "dateUpdated": "2024-08-02T22:23:44.103Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30546
Vulnerability from cvelistv5
Published
2023-04-26 18:14
Modified
2024-08-02 14:28
Summary
Contiki-NG has off-by-one error in Antelope DBMS
References
URL | Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-257g-w39m-5jj4 | x_refsource_CONFIRM |
https://github.com/contiki-ng/contiki-ng/pull/2425 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
contiki-ng | contiki-ng | <= 4.8 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:28:51.792Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-257g-w39m-5jj4", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-257g-w39m-5jj4" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2425", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2425" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the storage of data (file os/storage/antelope/storage-cfs.c). In the functions `storage_get_index` and `storage_put_index`, a buffer for merging two strings is allocated with one byte less than the maximum size of the merged strings, causing subsequent function calls to the cfs_open function to read from memory beyond the buffer size. The vulnerability has been patched in the \"develop\" branch of Contiki-NG, and is expected to be included in the next release. As a workaround, the problem can be fixed by applying the patch in Contiki-NG pull request #2425." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-193", "description": "CWE-193: Off-by-one Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-26T18:14:46.436Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-257g-w39m-5jj4", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-257g-w39m-5jj4" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2425", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2425" } ], "source": { "advisory": "GHSA-257g-w39m-5jj4", "discovery": "UNKNOWN" }, "title": "Contiki-NG has off-by-one error in Antelope DBMS" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-30546", "datePublished": "2023-04-26T18:14:46.436Z", "dateReserved": "2023-04-12T15:19:33.767Z", "dateUpdated": "2024-08-02T14:28:51.792Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-47181
Vulnerability from cvelistv5
Published
2024-11-27 18:20
Modified
2024-11-27 19:20
Summary
Unaligned memory access in RPL option processing in Contiki-NG
References
URL | Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-crjw-x84h-h6x3 | x_refsource_CONFIRM |
https://github.com/contiki-ng/contiki-ng/pull/2962 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
contiki-ng | contiki-ng | <= 4.9 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:contiki-ng:contiki-ng:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "lessThanOrEqual": "4.9", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-47181", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T19:19:46.818743Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T19:20:07.764Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL instance. If an IPv6 packet containing an odd number of padded bytes before the RPL option, it can cause the rpl_ext_header_hbh_update function to read a 16-bit integer from an odd address. The impact of this unaligned read is architecture-dependent, but can potentially cause the system to crash. The problem has not been patched as of release 4.9, but will be included in the next release. One can apply the changes in Contiki-NG pull request #2962 to patch the system or wait for the next release." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-704", "description": "CWE-704: Incorrect Type Conversion or Cast", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-27T18:20:41.583Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-crjw-x84h-h6x3", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-crjw-x84h-h6x3" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2962", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2962" } ], "source": { "advisory": "GHSA-crjw-x84h-h6x3", "discovery": "UNKNOWN" }, "title": "Unaligned memory access in RPL option processing in Contiki-NG" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-47181", "datePublished": "2024-11-27T18:20:41.583Z", "dateReserved": "2024-09-19T22:32:11.963Z", "dateUpdated": "2024-11-27T19:20:07.764Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-21410
Vulnerability from cvelistv5
Published
2021-06-18 21:00
Modified
2024-08-03 18:09
Summary
Out-of-bounds read in the 6LoWPAN implementation
References
URL | Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-hhwj-2p59-v8p9 | x_refsource_CONFIRM |
https://github.com/contiki-ng/contiki-ng/pull/1482 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
contiki-ng | contiki-ng | <= 4.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:09:16.082Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-hhwj-2p59-v8p9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1482" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (\u003ccode\u003euncompress_hdr_iphc\u003c/code\u003e) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than what is available from the packet buffer. As of time of publication, there is not a release with a patch available. Users can apply the patch for this vulnerability out-of-band as a workaround." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-18T21:00:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-hhwj-2p59-v8p9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1482" } ], "source": { "advisory": "GHSA-hhwj-2p59-v8p9", "discovery": "UNKNOWN" }, "title": "Out-of-bounds read in the 6LoWPAN implementation", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21410", "STATE": "PUBLIC", "TITLE": "Out-of-bounds read in the 6LoWPAN implementation" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "contiki-ng", "version": { "version_data": [ { "version_value": "\u003c= 4.6" } ] } } ] }, "vendor_name": "contiki-ng" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (\u003ccode\u003euncompress_hdr_iphc\u003c/code\u003e) does not perform proper boundary checks when reading from the packet buffer. 
Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than what is available from the packet buffer. As of time of publication, there is not a release with a patch available. Users can apply the patch for this vulnerability out-of-band as a workaround." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-hhwj-2p59-v8p9", "refsource": "CONFIRM", "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-hhwj-2p59-v8p9" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/1482", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/pull/1482" } ] }, "source": { "advisory": "GHSA-hhwj-2p59-v8p9", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21410", "datePublished": "2021-06-18T21:00:14", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2024-08-03T18:09:16.082Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37459
Vulnerability from cvelistv5
Published
2023-09-15 19:19
Modified
2024-09-25 18:04
Summary
Out-of-bounds read when processing a received IPv6 packet
References
URL | Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6648-m23r-hq8c | x_refsource_CONFIRM |
https://github.com/contiki-ng/contiki-ng/pull/2510 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
contiki-ng | contiki-ng | <= 4.9 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:16:30.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6648-m23r-hq8c", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6648-m23r-hq8c" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2510", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2510" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37459", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T18:03:53.467111Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T18:04:01.248Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify that a full TCP header has been received. Specifically, the implementation attempts to access the flags field from the TCP buffer in the following conditional expression in the `check_for_tcp_syn` function. For this reason, an attacker can inject a truncated TCP packet, which will lead to an out-of-bound read from the packet buffer. As of time of publication, a patched version is not available. 
As a workaround, one can apply the changes in Contiki-NG pull request #2510 to patch the system." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T19:19:30.232Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6648-m23r-hq8c", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6648-m23r-hq8c" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2510", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2510" } ], "source": { "advisory": "GHSA-6648-m23r-hq8c", "discovery": "UNKNOWN" }, "title": "Out-of-bounds read when processing a received IPv6 packet" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37459", "datePublished": "2023-09-15T19:19:30.232Z", "dateReserved": "2023-07-06T13:01:36.996Z", "dateUpdated": "2024-09-25T18:04:01.248Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-13988
Vulnerability from cvelistv5
Published
2020-12-11 21:37
Modified
2024-08-04 12:32
Summary
An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.
References
URL | Tags |
---|---|
https://www.kb.cert.org/vuls/id/815128 | x_refsource_MISC |
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:32:14.638Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/815128" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-11T21:37:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.kb.cert.org/vuls/id/815128" }, { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13988", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.kb.cert.org/vuls/id/815128", "refsource": "MISC", "url": "https://www.kb.cert.org/vuls/id/815128" }, { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13988", "datePublished": "2020-12-11T21:37:56", "dateReserved": "2020-06-09T00:00:00", "dateUpdated": "2024-08-04T12:32:14.638Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14934
Vulnerability from cvelistv5
Published
2020-08-18 16:25
Modified
2024-08-04 13:00
Summary
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. If the number of variables in the request exceeds the allocated buffer, a memory write out of the buffer boundaries occurs. This write operation provides a possibility to overwrite other variables allocated in the .bss section by the application. Because the sender of the frame is in control of the content that will be written beyond the buffer limits, and there is no strict process memory separation, this issue may allow overwriting of sensitive memory areas of an IoT device.
References
URL | Tags |
---|---|
https://drive.google.com/file/d/1NIf0Y0S47Lu85uSi29kt9tgSh0jYZYfj/view?usp=sharing | x_refsource_MISC |
https://github.com/contiki-ng/contiki-ng/issues/1352 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:00:52.043Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://drive.google.com/file/d/1NIf0Y0S47Lu85uSi29kt9tgSh0jYZYfj/view?usp=sharing" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/issues/1352" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message\u0027s requested variables against the capacity of the internal SNMP engine buffer. If the number of variables in the request exceeds the allocated buffer, a memory write out of the buffer boundaries occurs. This write operation provides a possibility to overwrite other variables allocated in the .bss section by the application. Because the sender of the frame is in control of the content that will be written beyond the buffer limits, and there is no strict process memory separation, this issue may allow overwriting of sensitive memory areas of an IoT device." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-18T16:25:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://drive.google.com/file/d/1NIf0Y0S47Lu85uSi29kt9tgSh0jYZYfj/view?usp=sharing" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/issues/1352" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14934", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message\u0027s requested variables against the capacity of the internal SNMP engine buffer. If the number of variables in the request exceeds the allocated buffer, a memory write out of the buffer boundaries occurs. This write operation provides a possibility to overwrite other variables allocated in the .bss section by the application. Because the sender of the frame is in control of the content that will be written beyond the buffer limits, and there is no strict process memory separation, this issue may allow overwriting of sensitive memory areas of an IoT device." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://drive.google.com/file/d/1NIf0Y0S47Lu85uSi29kt9tgSh0jYZYfj/view?usp=sharing", "refsource": "MISC", "url": "https://drive.google.com/file/d/1NIf0Y0S47Lu85uSi29kt9tgSh0jYZYfj/view?usp=sharing" }, { "name": "https://github.com/contiki-ng/contiki-ng/issues/1352", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/issues/1352" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14934", "datePublished": "2020-08-18T16:25:51", "dateReserved": "2020-06-21T00:00:00", "dateUpdated": "2024-08-04T13:00:52.043Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14936
Vulnerability from cvelistv5
Published
2020-08-18 16:35
Modified
2024-08-04 13:00
Summary
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid() may overwrite memory areas beyond the provided target buffer, when called from snmp_message_decode() upon an SNMP request reception. Because the content of the write operations is externally provided in the SNMP requests, it enables a remote overwrite of an IoT device's memory regions beyond the allocated buffer. This overflow may allow remote overwrite of stack and statically allocated variables memory regions by sending a crafted SNMP request.
References
URL | Tags |
---|---|
https://drive.google.com/file/d/1FypWH_g475jSL0mDFzquaATCeRIHQ2kj/view?usp=sharing | x_refsource_MISC |
https://github.com/contiki-ng/contiki-ng/issues/1351 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:00:52.077Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://drive.google.com/file/d/1FypWH_g475jSL0mDFzquaATCeRIHQ2kj/view?usp=sharing" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/issues/1351" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid() may overwrite memory areas beyond the provided target buffer, when called from snmp_message_decode() upon an SNMP request reception. Because the content of the write operations is externally provided in the SNMP requests, it enables a remote overwrite of an IoT device\u0027s memory regions beyond the allocated buffer. This overflow may allow remote overwrite of stack and statically allocated variables memory regions by sending a crafted SNMP request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-18T16:35:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://drive.google.com/file/d/1FypWH_g475jSL0mDFzquaATCeRIHQ2kj/view?usp=sharing" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/issues/1351" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14936", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid() may overwrite memory areas beyond the provided target buffer, when called from snmp_message_decode() upon an SNMP request reception. Because the content of the write operations is externally provided in the SNMP requests, it enables a remote overwrite of an IoT device\u0027s memory regions beyond the allocated buffer. This overflow may allow remote overwrite of stack and statically allocated variables memory regions by sending a crafted SNMP request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://drive.google.com/file/d/1FypWH_g475jSL0mDFzquaATCeRIHQ2kj/view?usp=sharing", "refsource": "MISC", "url": "https://drive.google.com/file/d/1FypWH_g475jSL0mDFzquaATCeRIHQ2kj/view?usp=sharing" }, { "name": "https://github.com/contiki-ng/contiki-ng/issues/1351", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/issues/1351" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14936", "datePublished": "2020-08-18T16:35:20", "dateReserved": "2020-06-21T00:00:00", "dateUpdated": "2024-08-04T13:00:52.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41873
Vulnerability from cvelistv5
Published
2022-11-11 00:00
Modified
2024-08-03 12:56
Summary
Out-of-bounds read and write in BLE L2CAP module
References
Impacted products
Vendor | Product | Version |
---|---|---|
contiki-ng | contiki-ng | < 4.9 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.311Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-m5cj-fw8m-ffgf" }, { "tags": [ "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c 4.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up the corresponding channel structure in get_channel_for_cid (in os/net/mac/ble/ble-l2cap.c), a bounds check is performed on the incoming channel ID, which is meant to ensure that the channel ID does not exceed the maximum number of supported channels.However, an integer truncation issue leads to only the lowest byte of the channel ID to be checked, which leads to an incomplete out-of-bounds check. A crafted channel ID leads to out-of-bounds memory to be read and written with attacker-controlled data. The vulnerability has been patched in the \"develop\" branch of Contiki-NG, and will be included in release 4.9. As a workaround, Users can apply the patch in Contiki-NG pull request 2081 on GitHub." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-11T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-m5cj-fw8m-ffgf" }, { "url": "https://github.com/contiki-ng/contiki-ng/pull/2081" } ], "source": { "advisory": "GHSA-m5cj-fw8m-ffgf", "discovery": "UNKNOWN" }, "title": "Out-of-bounds read and write in BLE L2CAP module" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41873", "datePublished": "2022-11-11T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.311Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12140
Vulnerability from cvelistv5
Published
2021-12-07 18:23
Modified
2024-08-04 11:48
Summary
A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames.
References
URL | Tags |
---|---|
https://twitter.com/ScepticCtf | x_refsource_MISC |
https://github.com/contiki-ng/contiki-ng/pull/1662 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:58.411Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://twitter.com/ScepticCtf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1662" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-07T18:23:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://twitter.com/ScepticCtf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/1662" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12140", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://twitter.com/ScepticCtf", "refsource": "MISC", "url": "https://twitter.com/ScepticCtf" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/1662", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/pull/1662" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12140", "datePublished": "2021-12-07T18:23:51", "dateReserved": "2020-04-24T00:00:00", "dateUpdated": "2024-08-04T11:48:58.411Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }