CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message contains a field that specifies the length of an IPv6 address prefix. The value of this field is not validated, which means that an attacker can set a value that is longer than the maximum prefix length. Subsequently, a memcmp function call that compares different prefixes can be called with a length argument that surpasses the boundary of the array allocated for the prefix, causing an out-of-bounds read.
• https://github.com/contiki-ng/contiki-ng/pull/2721
• https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jp4p-fq85-jch2
• CWE-125: Out-of-bounds Read

CVSS: 8.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for DIO and DAO messages, in particular when they contain RPL sub-option headers. The problem has been patched in Contiki-NG 4.9. Users are advised to upgrade.
• https://github.com/contiki-ng/contiki-ng/pull/2484
• https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9423-rgj4-wjfw
• CWE-125: Out-of-bounds Read

CVSS: 7.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be set by an external party that sends radio packets to a Contiki-NG system. Although the value is validated to be in the range of the MTU length, it is not validated to fit into the given buffer into which the packet will be copied.
• https://github.com/contiki-ng/contiki-ng/pull/2741
• https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2
• CWE-787: Out-of-bounds Write

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via a crafted data packet.
• https://seclists.org/fulldisclosure/2024/Jan/20
• CWE-125: Out-of-bounds Read

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC 6347. This vulnerability allows remote attackers to obtain sensitive application data of connected clients.
• https://seclists.org/fulldisclosure/2024/Jan/19
• CWE-755: Improper Handling of Exceptional Conditions