CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-13987 – Ubuntu Security Notice USN-6259-1
https://notcve.org/view.php?id=CVE-2020-13987
11 Dec 2020 — An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c. Se detectó un problema en Contiki versiones hasta 3.0. Se presenta una vulnerabilidad de Lectura Fuera de Límites en el componente uIP TCP/IP Stack cuando se calculan las sumas de comprobación para paquetes IP en la función upper_layer_chksum en el archivo net/ipv4/uip.c Jos Wetzels, Stanislav ... • https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13986
https://notcve.org/view.php?id=CVE-2020-13986
11 Dec 2020 — An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c. Se detectó un problema en Contiki versiones hasta 3.0. Se presenta un bucle infinito en el componente uIP TCP/IP Stack cuando se manejan encabezados de extensión RPL de paquetes de red IPv6 en la función rpl_remove_header en el archivo net/rpl/rpl-ext-header.c • https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13985
https://notcve.org/view.php?id=CVE-2020-13985
11 Dec 2020 — An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c. Se detectó un problema en Contiki versiones hasta 3.0. Se presenta una vulnerabilidad de corrupción de memoria en el componente uIP TCP/IP Stack cuando se manejan encabezados de extensión RPL de paquetes de red IPv6 en la función rpl_remove_header en el archivo net/rpl/rpl-... • https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 • CWE-190: Integer Overflow or Wraparound CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13984
https://notcve.org/view.php?id=CVE-2020-13984
11 Dec 2020 — An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c. Se detectó un problema en Contiki versiones hasta 3.0. Se presenta un bucle infinito en el componente uIP TCP/IP Stack cuando se procesan encabezados de extensión IPv6 en la función ext_hdr_options_process en el archivo net/ipv6/uip6.c • https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-9183
https://notcve.org/view.php?id=CVE-2019-9183
23 Apr 2020 — An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the application. An attacker can cause a denial-of-service via a crafted 6LoWPAN frame. Se descubrió un problema en Contiki-NG a través de 4.3 y Contiki a través de 3.0. • https://github.com/contiki-ng/contiki-ng/pull/972 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-8359
https://notcve.org/view.php?id=CVE-2019-8359
23 Apr 2020 — An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c. Se detectó un problema en Contiki-NG versiones hasta 4.3 y Contiki versiones hasta 3.0. Una escritura fuera de límites está presente en la sección de datos durante el reensamblaje de fragmentos 6LoWPAN frente a las compensaciones de fragmentos forjados en el archivo os/net/ipv6/... • https://github.com/contiki-ng/contiki-ng/pull/972 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7295
https://notcve.org/view.php?id=CVE-2017-7295
28 May 2017 — An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing function. This resulted in a board crash, which can be used to perform denial of service. Fue detectado un problema en el Contiki Operating System versión 3.0. Se presenta una vulnerabilidad de uso de la memoria prev... • https://gist.github.com/jackmcbride/c9328627f1ee104ce84f3fb7eff42f1e • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7296
https://notcve.org/view.php?id=CVE-2017-7296
28 May 2017 — An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configure that device's operation by sending HTTP POST requests. The vulnerability consists of improper input sanitisation of the text fields on the MQTT/IBM Cloud config page, allowing for JavaScript code injection. • http://www.securityfocus.com/bid/98790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •