
CVE-2023-34101 – Contiki-NG vulnerable to out-of-bounds read when processing ICMP DAO input
https://notcve.org/view.php?id=CVE-2023-34101
14 Jun 2023 — Contiki-NG is an operating system for internet of things devices. In version 4.8 and prior, when processing ICMP DAO packets in the `dao_input_storing` function, the Contiki-NG OS does not verify that the packet buffer is big enough to contain the bytes it needs before accessing them. Up to 16 bytes can be read out of bounds in the `dao_input_storing` function. An attacker can truncate an ICMP packet so that it does not contain enough data, leading to an out-of-bounds read on these lines. The problem has be... • https://github.com/contiki-ng/contiki-ng/pull/2435 • CWE-125: Out-of-bounds Read •

CVE-2023-34100 – Out-of-Bounds Read in contiki-ng
https://notcve.org/view.php?id=CVE-2023-34100
09 Jun 2023 — Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using 'UIP_IPTCPH_LEN + 2 + c' and 'UIP_IPTCPH_LEN + 3 + c', but the uip_buf buffer may not have enough data, resulting in a 2-byte read... • https://github.com/contiki-ng/contiki-ng/pull/2434/commits/cde4e98398a2f5b994972c8459342af3ba93b98e • CWE-125: Out-of-bounds Read •
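Both entries above describe the same defect class: a handler indexes the packet buffer at an offset computed from header fields without first checking that the received length covers that offset. The following C is an added example (not Contiki-NG code) of the checked form for both cases: a TCP option walk that reads the MSS only after the header, the option area and each option have been validated against the received length, and a fixed-size read of the kind a DAO handler performs. The constants IPV6_HDR_LEN, TCP_HDR_LEN, ICMP6_HDR_LEN, TCP_DATAOFF and DAO_FIXED_LEN, the function names, and the constructed packets are assumptions; IPTCPH_LEN here stands in for Contiki-NG's UIP_IPTCPH_LEN.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Contiki-NG code. The layout constants are assumptions
 * standing in for Contiki-NG's: an IPv6 header (40 bytes) followed by a
 * TCP header (20 bytes) or an ICMPv6 header (4 bytes). */
#define IPV6_HDR_LEN  40
#define TCP_HDR_LEN   20
#define ICMP6_HDR_LEN 4
#define IPTCPH_LEN    (IPV6_HDR_LEN + TCP_HDR_LEN)
#define TCP_DATAOFF   (IPV6_HDR_LEN + 12)  /* TCP data-offset byte */
#define DAO_FIXED_LEN 16                   /* assumed: bytes a DAO handler reads unconditionally */
#define TCPOPT_END 0
#define TCPOPT_NOP 1
#define TCPOPT_MSS 2

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_MALFORMED = -2, PARSE_NO_MSS = -3 };

/* True if the n bytes at 'off' lie inside the 'len' bytes actually received;
 * written so that off + n cannot wrap. */
static bool in_bounds(size_t len, size_t off, size_t n)
{
    return off <= len && n <= len - off;
}

/* Hardened MSS read. The unchecked form derives c from the data offset and
 * reads buf[IPTCPH_LEN + 2 + c] and buf[IPTCPH_LEN + 3 + c] straight away;
 * here the header, the option area and each option are checked against
 * 'len' before any index is used. */
int tcp_read_mss(const uint8_t *buf, size_t len, uint16_t *mss)
{
    if (!in_bounds(len, 0, IPTCPH_LEN)) return PARSE_TRUNCATED;
    size_t tcp_hlen = (size_t)(buf[TCP_DATAOFF] >> 4) * 4;
    if (tcp_hlen < TCP_HDR_LEN) return PARSE_MALFORMED;
    if (!in_bounds(len, IPV6_HDR_LEN, tcp_hlen)) return PARSE_TRUNCATED; /* options claimed, not received */
    size_t opt_len = tcp_hlen - TCP_HDR_LEN;
    for (size_t c = 0; c < opt_len;) {
        uint8_t kind = buf[IPTCPH_LEN + c];
        if (kind == TCPOPT_END) break;
        if (kind == TCPOPT_NOP) { c++; continue; }
        if (c + 1 >= opt_len) return PARSE_MALFORMED;               /* no room for the length byte */
        uint8_t olen = buf[IPTCPH_LEN + c + 1];
        if (olen < 2 || olen > opt_len - c) return PARSE_MALFORMED; /* option overruns the header */
        if (kind == TCPOPT_MSS) {
            if (olen != 4) return PARSE_MALFORMED;
            *mss = (uint16_t)((buf[IPTCPH_LEN + 2 + c] << 8) | buf[IPTCPH_LEN + 3 + c]);
            return PARSE_OK;
        }
        c += olen;
    }
    return PARSE_NO_MSS;
}

/* Same discipline for a fixed-size read: a DAO-style handler that needs
 * DAO_FIXED_LEN bytes after the ICMPv6 header refuses anything shorter. */
int dao_fixed_fields(const uint8_t *buf, size_t len, uint8_t *instance_id, uint8_t *flags)
{
    size_t off = IPV6_HDR_LEN + ICMP6_HDR_LEN;
    if (!in_bounds(len, off, DAO_FIXED_LEN)) return PARSE_TRUNCATED;
    *instance_id = buf[off];
    *flags = buf[off + 1];
    return PARSE_OK;
}

/* Constructed sample: IPv6 + 24-byte TCP header (data offset 6) carrying one
 * MSS option of 1460, then cut to 'len' bytes as a truncating sender would.
 * Returns the MSS, or the negative parse code. */
int sample_mss(size_t len)
{
    uint8_t pkt[IPTCPH_LEN + 4] = {0};
    uint16_t mss = 0;
    pkt[TCP_DATAOFF] = 6 << 4;
    pkt[IPTCPH_LEN] = TCPOPT_MSS; pkt[IPTCPH_LEN + 1] = 4;
    pkt[IPTCPH_LEN + 2] = 0x05;   pkt[IPTCPH_LEN + 3] = 0xB4;
    if (len > sizeof pkt) len = sizeof pkt;
    int rc = tcp_read_mss(pkt, len, &mss);
    return rc == PARSE_OK ? (int)mss : rc;
}

/* Constructed zero-filled DAO of 'len' bytes. */
int sample_dao(size_t len)
{
    uint8_t pkt[IPV6_HDR_LEN + ICMP6_HDR_LEN + DAO_FIXED_LEN] = {0};
    uint8_t id, flags;
    if (len > sizeof pkt) len = sizeof pkt;
    return dao_fixed_fields(pkt, len, &id, &flags);
}

int main(void)
{
    printf("full: %d, cut to 62: %d, DAO 60: %d, DAO 50: %d\n",
           sample_mss(64), sample_mss(62), sample_dao(60), sample_dao(50));
    return 0;
}
```

The check that matters is the one on the option area (`in_bounds(len, IPV6_HDR_LEN, tcp_hlen)`): a data offset that promises options the packet does not carry is exactly the shape of input that drives the unchecked indices past `uip_len`.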

CVE-2023-31129 – Contiki-NG missing NULL pointer check in IPv6 neighbor discovery
https://notcve.org/view.php?id=CVE-2023-31129
08 May 2023 — The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND protocol includes a message type called Router Solicitation (RS), which is used to locate routers and update their address information via the SLLAO (Source Link-Layer Address Option). If the indicated source address changes, a given... • https://github.com/contiki-ng/contiki-ng/pull/2271 • CWE-476: NULL Pointer Dereference •

CVE-2023-30546 – Contiki-NG has off-by-one error in Antelope DBMS
https://notcve.org/view.php?id=CVE-2023-30546
26 Apr 2023 — Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the storage of data (file os/storage/antelope/storage-cfs.c). In the functions `storage_get_index` and `storage_put_index`, a buffer for merging two strings is allocated with one byte less than the maximum size of the merged strings, causin... • https://github.com/contiki-ng/contiki-ng/pull/2425 • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •
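The off-by-one above is the classic string-merge sizing mistake: the buffer is sized for the two names and the separator but not for the terminating NUL. The following C is an added example (not Antelope or Contiki-NG code) that shows the size arithmetic both ways and builds the merged name with a truncation check, so a name that would not fit is rejected rather than written past the end. DB_MAX_ELEMENT_SIZE, INDEX_NAME_BUFSIZE, the function names and the "relation.attribute" layout are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Antelope code. The limit is an assumption standing in
 * for the real one. */
#define DB_MAX_ELEMENT_SIZE 16   /* longest relation or attribute name, NUL excluded */

/* Size needed for "<relation>.<attribute>": both names, the separator,
 * and the NUL terminator. */
size_t merged_size(const char *relation, const char *attribute)
{
    return strlen(relation) + 1 + strlen(attribute) + 1;
}

/* The off-by-one pattern: the terminator is left out, so a buffer of this
 * size is one byte short when both names are at maximum length, and a copy
 * into it writes (and a later scan reads) one byte past the end. Kept as
 * arithmetic only; nothing here is copied into a buffer of this size. */
size_t merged_size_off_by_one(const char *relation, const char *attribute)
{
    return strlen(relation) + 1 + strlen(attribute);
}

/* Largest merged name, as a compile-time constant for a static buffer. */
#define INDEX_NAME_BUFSIZE (2 * DB_MAX_ELEMENT_SIZE + 2)

/* Builds the merged name into a caller-supplied buffer of 'cap' bytes.
 * Returns 0 on success, -1 when an input is too long or the result would
 * not fit. snprintf never writes past 'cap', and its return value (the
 * length it wanted to write) tells us whether it truncated. */
int build_index_name(char *out, size_t cap, const char *relation, const char *attribute)
{
    if (strlen(relation) > DB_MAX_ELEMENT_SIZE || strlen(attribute) > DB_MAX_ELEMENT_SIZE)
        return -1;
    int n = snprintf(out, cap, "%s.%s", relation, attribute);
    if (n < 0 || (size_t)n >= cap) {
        if (cap > 0) out[0] = '\0';   /* never hand a truncated name to the caller */
        return -1;
    }
    return 0;
}

/* Heap variant: size the allocation from the inputs instead of a guess. */
char *build_index_name_alloc(const char *relation, const char *attribute)
{
    size_t need = merged_size(relation, attribute);
    char *s = malloc(need);
    if (s == NULL) return NULL;
    if (build_index_name(s, need, relation, attribute) != 0) { free(s); return NULL; }
    return s;
}

/* Constructed worst case: both names at the maximum length. Returns 0 if
 * the merged name fits in a 'cap'-byte buffer, -1 otherwise. */
int worst_case_fits(size_t cap)
{
    char rel[DB_MAX_ELEMENT_SIZE + 1], attr[DB_MAX_ELEMENT_SIZE + 1];
    char buf[INDEX_NAME_BUFSIZE];
    memset(rel, 'r', DB_MAX_ELEMENT_SIZE);  rel[DB_MAX_ELEMENT_SIZE] = '\0';
    memset(attr, 'a', DB_MAX_ELEMENT_SIZE); attr[DB_MAX_ELEMENT_SIZE] = '\0';
    if (cap > sizeof buf) cap = sizeof buf;
    return build_index_name(buf, cap, rel, attr);
}

int main(void)
{
    char *s = build_index_name_alloc("sensor", "temperature");
    printf("%s needs %zu bytes; worst case fits in %d bytes: %d, in %d bytes: %d\n",
           s, merged_size("sensor", "temperature"),
           INDEX_NAME_BUFSIZE, worst_case_fits(INDEX_NAME_BUFSIZE),
           INDEX_NAME_BUFSIZE - 1, worst_case_fits(INDEX_NAME_BUFSIZE - 1));
    free(s);
    return 0;
}
```

With a 33-byte buffer the worst case is refused; with 34 it fits. The point of routing every copy through `build_index_name` is that the size check lives in one place and is driven by the real inputs, so a later change to DB_MAX_ELEMENT_SIZE cannot silently reintroduce the one-byte gap.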

CVE-2023-28116 – Buffer overflow in L2CAP due to misconfigured MTU
https://notcve.org/view.php?id=CVE-2023-28116
17 Mar 2023 — Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer (packetbuf) for processing of packets, with the size of PACKETBUF_SIZE. In particular, when using the BLE L2CAP module with the default configuration, the PACKETBUF_SIZE value becomes larger than the actual size of the packetbuf. When larg... • https://github.com/contiki-ng/contiki-ng/pull/2398 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVE-2023-23609 – contiki-ng BLE-L2CAP contains Improper size validation of L2CAP frames
https://notcve.org/view.php?id=CVE-2023-23609
25 Jan 2023 — Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation Layer Protocol (BLE-L2CAP) module handles fragmentation of packets up to the configured MTU size. When fragments are reassembled, they are stored in a packet buffer of a configurable size, but there is no check to verify that the packet buf... • https://github.com/contiki-ng/contiki-ng/pull/2254 • CWE-787: Out-of-bounds Write •
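The two L2CAP entries above (CVE-2023-28116 and CVE-2023-23609) are two ways of writing past the same packet buffer: a configured size that does not match the real array, and reassembly that trusts the peer's announced SDU length instead of the buffer that will hold it. The following C is an added example (not Contiki-NG code) of reassembly for an LE credit-based channel, where the first fragment carries a 2-byte SDU length, that checks every copy against the actual buffer and rejects fragments that overshoot. PACKETBUF_SIZE, the reasm structure, the RX_* codes and the constructed fragments are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Contiki-NG code. PACKETBUF_SIZE is an assumed value;
 * in Contiki-NG it comes from the build configuration. */
#define PACKETBUF_SIZE 256
static uint8_t packetbuf[PACKETBUF_SIZE];

/* Trivially true here, where both come from one macro; it earns its keep
 * when the array and the size constant are defined in different modules and
 * a configuration (such as the L2CAP default above) pulls them apart. */
_Static_assert(sizeof(packetbuf) == PACKETBUF_SIZE, "PACKETBUF_SIZE does not match packetbuf");

/* Reassembly state for one LE credit-based SDU. */
struct reasm {
    uint16_t sdu_len;   /* total length announced in the first fragment */
    uint16_t received;  /* bytes stored so far */
    bool active;
};

enum { RX_MORE = 0, RX_DONE = 1, RX_ERR_SHORT = -1, RX_ERR_TOO_LARGE = -2,
       RX_ERR_OVERFLOW = -3, RX_ERR_STATE = -4 };

/* First fragment: 2-byte little-endian SDU length, then data. */
int reasm_first(struct reasm *r, const uint8_t *frag, size_t frag_len)
{
    if (frag_len < 2) return RX_ERR_SHORT;
    uint16_t sdu_len = (uint16_t)(frag[0] | (frag[1] << 8));
    /* The announced length is checked against the buffer that will hold
     * it, not against a configured MTU that may disagree with the buffer. */
    if (sdu_len > sizeof packetbuf) return RX_ERR_TOO_LARGE;
    size_t data_len = frag_len - 2;
    if (data_len > sdu_len) return RX_ERR_OVERFLOW;   /* more data than announced */
    memcpy(packetbuf, frag + 2, data_len);
    r->sdu_len = sdu_len;
    r->received = (uint16_t)data_len;
    r->active = r->received != r->sdu_len;
    return r->active ? RX_MORE : RX_DONE;
}

/* Continuation fragment: compare against the space that remains, so the
 * check cannot wrap the way 'received + frag_len' could. */
int reasm_next(struct reasm *r, const uint8_t *frag, size_t frag_len)
{
    if (!r->active) return RX_ERR_STATE;
    size_t remaining = (size_t)r->sdu_len - r->received;
    if (frag_len > remaining) {
        r->active = false;              /* drop the whole SDU; write nothing */
        return RX_ERR_OVERFLOW;
    }
    memcpy(packetbuf + r->received, frag, frag_len);
    r->received = (uint16_t)(r->received + frag_len);
    if (r->received == r->sdu_len) { r->active = false; return RX_DONE; }
    return RX_MORE;
}

/* True if packetbuf starts with the given bytes. */
int packetbuf_starts_with(const char *s)
{
    return memcmp(packetbuf, s, strlen(s)) == 0;
}

/* Constructed fragments. Scenario 0: a well-formed 10-byte SDU in two
 * fragments (ends RX_DONE). Scenario 1: a first fragment announcing 300
 * bytes (RX_ERR_TOO_LARGE). Scenario 2: a second fragment that overshoots
 * the announced length (RX_ERR_OVERFLOW). */
int scenario(int which)
{
    struct reasm r = {0};
    static const uint8_t first[]    = {10, 0, 'a', 'b', 'c', 'd', 'e', 'f'};
    static const uint8_t rest_ok[]  = {'g', 'h', 'i', 'j'};
    static const uint8_t rest_bad[] = {'g', 'h', 'i', 'j', 'k'};
    static const uint8_t huge[]     = {0x2C, 0x01, 'x'};   /* 0x012C = 300 */
    int rc;
    switch (which) {
    case 0:
        rc = reasm_first(&r, first, sizeof first);
        return rc == RX_MORE ? reasm_next(&r, rest_ok, sizeof rest_ok) : rc;
    case 1:
        return reasm_first(&r, huge, sizeof huge);
    case 2:
        rc = reasm_first(&r, first, sizeof first);
        return rc == RX_MORE ? reasm_next(&r, rest_bad, sizeof rest_bad) : rc;
    default:
        return RX_ERR_STATE;
    }
}

int main(void)
{
    printf("ok: %d, too large: %d, overshoot: %d\n", scenario(0), scenario(1), scenario(2));
    return 0;
}
```

Note that the overshoot case discards the SDU before anything is copied; writing the part that fits and failing afterwards would leave a half-filled buffer that the next layer might still consume.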

CVE-2022-41972 – Contiki-NG contains NULL Pointer Dereference in BLE L2CAP module
https://notcve.org/view.php?id=CVE-2022-41972
16 Dec 2022 — Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can inject a packet in this stack, which causes the implementation to dereference a NULL pointer and triggers undefined behavior. More specifically, while processing the L2CAP protocol, the implementation maps an incoming channel ID to its ... • https://github.com/contiki-ng/contiki-ng/pull/2253 • CWE-476: NULL Pointer Dereference •

CVE-2022-41873 – Out-of-bounds read and write in BLE L2CAP module
https://notcve.org/view.php?id=CVE-2022-41873
11 Nov 2022 — Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up the corresponding channel structure in get_channel_for_cid (in os/net/mac/ble/ble-l2cap.c), a bounds check is performed on the incoming channel ID, which is meant to ensure that the channel ID... • https://github.com/contiki-ng/contiki-ng/pull/2081 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
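The two entries above (CVE-2022-41972 and CVE-2022-41873) concern the same lookup: mapping an incoming channel ID to its metadata structure. A bounds check that lets one index too many through yields an out-of-bounds read or write of the channel table, and a caller that uses the result without testing it yields a NULL dereference. The following C is an added example (not Contiki-NG code) of the lookup and its caller written so that every unknown, out-of-range or closed CID produces NULL and NULL is always handled. L2CAP_FIRST_DYN_CID, L2CAP_NUM_CHANNELS, the channel structure and the constructed table are assumptions; the function name get_channel_for_cid is borrowed from the advisory text only as a label.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Contiki-NG code. Values are assumptions: LE
 * connection-oriented channels get dynamically allocated CIDs from 0x0040
 * upwards, and this stack keeps a table of four of them. */
#define L2CAP_FIRST_DYN_CID 0x0040
#define L2CAP_NUM_CHANNELS  4

struct l2cap_channel {
    uint16_t cid;
    uint16_t mtu;
    bool connected;
};

static struct l2cap_channel channels[L2CAP_NUM_CHANNELS];

/* Map an incoming CID to its channel. Every CID that does not belong to a
 * connected channel yields NULL: below the dynamic range, at or beyond the
 * table (note >= rather than >, the off-by-one that would let index == N
 * through), or not currently connected. The index is computed after the
 * range check, so no out-of-range value ever touches the array. */
struct l2cap_channel *get_channel_for_cid(uint16_t cid)
{
    if (cid < L2CAP_FIRST_DYN_CID) return NULL;
    size_t idx = (size_t)cid - L2CAP_FIRST_DYN_CID;
    if (idx >= L2CAP_NUM_CHANNELS) return NULL;
    if (!channels[idx].connected) return NULL;
    return &channels[idx];
}

/* Receive path. NULL is a protocol error from the peer: the frame is
 * dropped and the pointer is never dereferenced. Returns the accepted
 * payload length or a negative code. */
int l2cap_handle_frame(uint16_t cid, const uint8_t *payload, size_t len)
{
    struct l2cap_channel *ch = get_channel_for_cid(cid);
    (void)payload;                      /* contents not inspected in this example */
    if (ch == NULL) return -1;          /* unknown or closed channel */
    if (len > ch->mtu) return -2;       /* exceeds what we agreed to receive */
    return (int)len;
}

/* Constructed table: four slots, only CID 0x0040 connected, MTU 100.
 * Returns the number of connected channels. */
int setup_channels(void)
{
    int connected = 0;
    for (size_t i = 0; i < L2CAP_NUM_CHANNELS; i++) {
        channels[i].cid = (uint16_t)(L2CAP_FIRST_DYN_CID + i);
        channels[i].mtu = 100;
        channels[i].connected = (i == 0);
        connected += channels[i].connected;
    }
    return connected;
}

int main(void)
{
    static const uint8_t data[5] = {1, 2, 3, 4, 5};
    setup_channels();
    printf("0x0040: %d, 0x0041 (closed): %d, 0x0044 (one past table): %d, 0xFFFF: %d\n",
           l2cap_handle_frame(0x0040, data, sizeof data),
           l2cap_handle_frame(0x0041, data, sizeof data),
           l2cap_handle_frame(0x0044, data, sizeof data),
           l2cap_handle_frame(0xFFFF, data, sizeof data));
    return 0;
}
```

CID 0x0044 is the interesting probe: it is exactly one past the last valid index, which is the value a `>` check against the channel count accepts and a `>=` check rejects.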

CVE-2022-36054 – Out-of-bounds write when decompressing 6LoWPAN payload in Contiki-NG
https://notcve.org/view.php?id=CVE-2022-36054
01 Sep 2022 — Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer's boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-N... • https://github.com/contiki-ng/contiki-ng/pull/1648 • CWE-787: Out-of-bounds Write •

CVE-2022-36052 – Out-of-bounds read when decompressing UDP header
https://notcve.org/view.php?id=CVE-2022-36052
01 Sep 2022 — Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4... • https://github.com/contiki-ng/contiki-ng/pull/1648 • CWE-125: Out-of-bounds Read •
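The two 6LoWPAN entries above (CVE-2022-36054 and CVE-2022-36052) differ from the other bounds problems on this page in one respect: a decompressor produces more bytes than it reads, so checking the input length alone is not enough; the expanded size has to be checked against the destination buffer, and a header structure located at an offset has to be checked against the bytes actually present before it is read. The following C is an added example (not Contiki-NG code, and not the encoding used in sicslowpan.c) of a toy UDP header decompressor, loosely modelled on the RFC 6282 UDP compression idea of elided ports and length, that does both. UIP_BUFSIZE, the flag-byte layout, the D_* codes and the constructed input are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Contiki-NG code. UIP_BUFSIZE is an assumed value, and
 * the compressed layout is a toy loosely modelled on RFC 6282's UDP header
 * compression, not the encoding in sicslowpan.c. */
#define UIP_BUFSIZE 128
#define UDP_HDR_LEN 8

struct udp_hdr { uint16_t srcport, destport, len, chksum; };

enum { D_OK = 0, D_SRC_SHORT = -1, D_DST_FULL = -2 };

/* Read the UDP header at 'off' in a buffer of 'len' received bytes. The
 * whole header is checked to lie inside 'len' before any byte is touched,
 * and it is copied out field by field rather than cast in place (which
 * also avoids unaligned loads on small MCUs). */
int read_udp_hdr(const uint8_t *buf, size_t len, size_t off, struct udp_hdr *h)
{
    if (off > len || UDP_HDR_LEN > len - off) return D_SRC_SHORT;
    const uint8_t *p = buf + off;
    h->srcport  = (uint16_t)(p[0] << 8 | p[1]);
    h->destport = (uint16_t)(p[2] << 8 | p[3]);
    h->len      = (uint16_t)(p[4] << 8 | p[5]);
    h->chksum   = (uint16_t)(p[6] << 8 | p[7]);
    return D_OK;
}

/* Toy compressed header: flag byte; ports either inline (flag 0, 4 bytes) or
 * two 4-bit nibbles over 0xF0B0 (flag 1, 1 byte); 2-byte checksum; the UDP
 * length is elided and rebuilt. The rest is payload. Decompression emits more
 * bytes than it consumes, so the output is checked against 'out_cap', the
 * destination buffer's real size, not against the input length. */
int decompress_udp(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t ip = 0;
    uint16_t sp, dp, ck, ulen;
    if (in_len < 1) return D_SRC_SHORT;
    uint8_t flags = in[ip++];
    if (flags & 1) {
        if (in_len - ip < 1) return D_SRC_SHORT;
        sp = (uint16_t)(0xF0B0 | (in[ip] >> 4));
        dp = (uint16_t)(0xF0B0 | (in[ip] & 0x0F));
        ip += 1;
    } else {
        if (in_len - ip < 4) return D_SRC_SHORT;
        sp = (uint16_t)(in[ip] << 8 | in[ip + 1]);
        dp = (uint16_t)(in[ip + 2] << 8 | in[ip + 3]);
        ip += 4;
    }
    if (in_len - ip < 2) return D_SRC_SHORT;
    ck = (uint16_t)(in[ip] << 8 | in[ip + 1]);
    ip += 2;
    size_t payload = in_len - ip;
    /* The missing check: expanded header plus payload must fit the
     * destination, and the rebuilt UDP length must fit 16 bits. */
    if (payload > 0xFFFF - UDP_HDR_LEN || UDP_HDR_LEN + payload > out_cap) return D_DST_FULL;
    ulen = (uint16_t)(UDP_HDR_LEN + payload);
    uint8_t hdr[UDP_HDR_LEN] = { (uint8_t)(sp >> 8), (uint8_t)sp, (uint8_t)(dp >> 8), (uint8_t)dp,
                                 (uint8_t)(ulen >> 8), (uint8_t)ulen, (uint8_t)(ck >> 8), (uint8_t)ck };
    memcpy(out, hdr, UDP_HDR_LEN);
    memcpy(out + UDP_HDR_LEN, in + ip, payload);
    *out_len = UDP_HDR_LEN + payload;
    return D_OK;
}

/* Constructed input: compressed ports 1 and 2 (0xF0B1/0xF0B2), checksum
 * 0xABCD, then 'payload_len' bytes of 0x55, decompressed into a UIP_BUFSIZE
 * buffer and read back. Returns the rebuilt UDP length, or a negative code. */
int sample_decompress(size_t payload_len)
{
    uint8_t in[4 + 200], uip_buf[UIP_BUFSIZE];
    struct udp_hdr h;
    size_t out_len = 0;
    if (payload_len > 200) payload_len = 200;
    in[0] = 0x01; in[1] = 0x12; in[2] = 0xAB; in[3] = 0xCD;
    memset(in + 4, 0x55, payload_len);
    int rc = decompress_udp(in, 4 + payload_len, uip_buf, sizeof uip_buf, &out_len);
    if (rc != D_OK) return rc;
    rc = read_udp_hdr(uip_buf, out_len, 0, &h);
    if (rc != D_OK) return rc;
    if (h.srcport != 0xF0B1 || h.destport != 0xF0B2 || h.chksum != 0xABCD) return -99;
    return h.len;
}

/* The same 4-byte compressed header cut to 'in_len' bytes. */
int sample_truncated(size_t in_len)
{
    static const uint8_t in[4] = {0x01, 0x12, 0xAB, 0xCD};
    uint8_t uip_buf[UIP_BUFSIZE];
    size_t out_len;
    return decompress_udp(in, in_len > 4 ? 4 : in_len, uip_buf, sizeof uip_buf, &out_len);
}

int main(void)
{
    printf("payload 2: %d, payload 120: %d, payload 200: %d, cut to 3: %d\n",
           sample_decompress(2), sample_decompress(120), sample_decompress(200), sample_truncated(3));
    return 0;
}
```

A 200-byte payload is valid input by every input-side measure and still must be refused, because 8 + 200 bytes do not fit the 128-byte destination; that is the check the input-length test alone cannot provide.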