CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42144 – Contiki-NG tinyDTLS dtls_ccm_decrypt_message() Buffer Overread
https://notcve.org/view.php?id=CVE-2021-42144
18 Jan 2024 — Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtls_ccm_decrypt_message(). Vulnerabilidad de lectura excesiva del búfer en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97 permite a los atacantes obtener información confidencial a través de entradas manipuladas en dtls_ccm_decrypt_message(). An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. Incorrect handling of over-large... • https://seclists.org/fulldisclosure/2024/Jan/17 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42145 – Contiki-NG tinyDTLS check_certificate_request() Denial of Service
https://notcve.org/view.php?id=CVE-2021-42145
18 Jan 2024 — An assertion failure discovered in in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service. Un error de aserción descubierto en check_certificate_request() en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97 permite a los atacantes provocar una denegación de servicio. An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. An assertion failure in check_certificate_request() causes the server to exit unexpect... • https://seclists.org/fulldisclosure/2024/Jan/18 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42146 – Contiki-NG tinyDTLS Epoch Number Reuse
https://notcve.org/view.php?id=CVE-2021-42146
18 Jan 2024 — An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients). Se descubrió un problema en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97. Los servidores DTLS permiten a atacantes remotos reutilizar el mismo número de época dentro de ... • https://seclists.org/fulldisclosure/2024/Jan/19 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42147 – Contiki-NG tinyDTLS Buffer Over-Read / Denial of Service
https://notcve.org/view.php?id=CVE-2021-42147
18 Jan 2024 — Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet. Vulnerabilidad de lectura excesiva del búfer en la función dtls_sha256_update en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97 permite a atacantes remotos provocar una denegación de servicio a través de un paquete de datos manipulado. An issue was discovered in Contiki-NG tinyDTLS versions through 2018-0... • https://seclists.org/fulldisclosure/2024/Jan/20 • CWE-125: Out-of-bounds Read •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27634
https://notcve.org/view.php?id=CVE-2020-27634
10 Oct 2023 — In Contiki 4.5, TCP ISNs are improperly random. En Contiki 4.5, los ISN de TCP son incorrectamente aleatorios. • https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01 • CWE-330: Use of Insufficiently Random Values •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37459 – Out-of-bounds read when processing a received IPv6 packet
https://notcve.org/view.php?id=CVE-2023-37459
15 Sep 2023 — Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify that a full TCP header has been received. Specifically, the implementation attempts to access the flags field from the TCP buffer in the following conditional expression in the `check_for_tcp_syn` function. For this reason, an attac... • https://github.com/contiki-ng/contiki-ng/pull/2510 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37281 – Out-of-bounds read during IPHC address decompression
https://notcve.org/view.php?id=CVE-2023-37281
15 Sep 2023 — Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done before decompressing the IPv6 address. Therefore, up to 16 bytes can be read out of bounds on the line with the statement `memcpy(&ipaddr->u8[16 - postcount], iphc_ptr, postcount);`. The value of `postcount` depends... • https://github.com/contiki-ng/contiki-ng/pull/2509 • CWE-125: Out-of-bounds Read •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34101 – Contiki-NG vulnerable to out-of-bounds read when processing ICMP DAO input
https://notcve.org/view.php?id=CVE-2023-34101
14 Jun 2023 — Contiki-NG is an operating system for internet of things devices. In version 4.8 and prior, when processing ICMP DAO packets in the `dao_input_storing` function, the Contiki-NG OS does not verify that the packet buffer is big enough to contain the bytes it needs before accessing them. Up to 16 bytes can be read out of bounds in the `dao_input_storing` function. An attacker can truncate an ICMP packet so that it does not contain enough data, leading to an out-of-bounds read on these lines. The problem has be... • https://github.com/contiki-ng/contiki-ng/pull/2435 • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34100 – Out-of-Bounds Read in contiki-ng
https://notcve.org/view.php?id=CVE-2023-34100
09 Jun 2023 — Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using 'UIP_IPTCPH_LEN + 2 + c' and 'UIP_IPTCPH_LEN + 3 + c', but the uip_buf buffer may not have enough data, resulting in a 2-byte read... • https://github.com/contiki-ng/contiki-ng/pull/2434/commits/cde4e98398a2f5b994972c8459342af3ba93b98e • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31129 – Contiki-NG missing NULL pointer check in IPv6 neighbor discovery
https://notcve.org/view.php?id=CVE-2023-31129
08 May 2023 — The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND protocol includes a message type called Router Solicitation (RS), which is used to locate routers and update their address information via the SLLAO (Source Link-Layer Address Option). If the indicated source address changes, a given... • https://github.com/contiki-ng/contiki-ng/pull/2271 • CWE-476: NULL Pointer Dereference •