Page 3 of 53 results (0.014 seconds)

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

In Contiki 4.5, TCP ISNs are improperly random. En Contiki 4.5, los ISN de TCP son incorrectamente aleatorios. • https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01 https://www.forescout.com https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks • CWE-330: Use of Insufficiently Random Values •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify that a full TCP header has been received. Specifically, the implementation attempts to access the flags field from the TCP buffer in the following conditional expression in the `check_for_tcp_syn` function. For this reason, an attacker can inject a truncated TCP packet, which will lead to an out-of-bound read from the packet buffer. • https://github.com/contiki-ng/contiki-ng/pull/2510 https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6648-m23r-hq8c • CWE-125: Out-of-bounds Read •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done before decompressing the IPv6 address. Therefore, up to 16 bytes can be read out of bounds on the line with the statement `memcpy(&ipaddr->u8[16 - postcount], iphc_ptr, postcount);`. The value of `postcount` depends on the address compression used in the received packet and can be controlled by the attacker. • https://github.com/contiki-ng/contiki-ng/pull/2509 https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2v4c-9p48-g9pr • CWE-125: Out-of-bounds Read •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

Contiki-NG is an operating system for internet of things devices. In version 4.8 and prior, when processing ICMP DAO packets in the `dao_input_storing` function, the Contiki-NG OS does not verify that the packet buffer is big enough to contain the bytes it needs before accessing them. Up to 16 bytes can be read out of bounds in the `dao_input_storing` function. An attacker can truncate an ICMP packet so that it does not contain enough data, leading to an out-of-bounds read on these lines. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in release 4.9. • https://github.com/contiki-ng/contiki-ng/pull/2435 https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-fp66-ff6x-7w2w • CWE-125: Out-of-bounds Read •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using 'UIP_IPTCPH_LEN + 2 + c' and 'UIP_IPTCPH_LEN + 3 + c', but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in release 4.9. • https://github.com/contiki-ng/contiki-ng/pull/2434/commits/cde4e98398a2f5b994972c8459342af3ba93b98e https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-3v7c-jq9x-cmph • CWE-125: Out-of-bounds Read •