CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-14937
https://notcve.org/view.php?id=CVE-2020-14937
18 Aug 2020 — Memory access out of buffer boundaries issues was discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. The length of provided input/output buffers is insufficiently verified during the encoding and decoding of data. This may lead to out-of-bounds buffer read or write access in BER decoding and encoding functions. Se detectaron problemas de acceso a la memoria fuera de límites del búfer en Contiki-NG versiones 4.4 hasta 4.5, en el encoder/decoder BER de SNMP. La longitud de los búferes ... • https://drive.google.com/file/d/1mAkJBVZNv5PMVwLojru0njH38zEXpWui/view?usp=sharing • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-9183
https://notcve.org/view.php?id=CVE-2019-9183
23 Apr 2020 — An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the application. An attacker can cause a denial-of-service via a crafted 6LoWPAN frame. Se descubrió un problema en Contiki-NG a través de 4.3 y Contiki a través de 3.0. • https://github.com/contiki-ng/contiki-ng/pull/972 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-8359
https://notcve.org/view.php?id=CVE-2019-8359
23 Apr 2020 — An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c. Se detectó un problema en Contiki-NG versiones hasta 4.3 y Contiki versiones hasta 3.0. Una escritura fuera de límites está presente en la sección de datos durante el reensamblaje de fragmentos 6LoWPAN frente a las compensaciones de fragmentos forjados en el archivo os/net/ipv6/... • https://github.com/contiki-ng/contiki-ng/pull/972 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20579
https://notcve.org/view.php?id=CVE-2018-20579
28 Dec 2018 — Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character. Contiki-NG, en versiones anteriores a la 4.2, tiene un desbordamiento de búfer basado en pila en la función push en os/lib/json/jsonparse.c que permite una escritura fuera de límites de un carácter "{" o "[". • https://github.com/contiki-ng/contiki-ng/issues/601 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 1CVE-2018-19417
https://notcve.org/view.php?id=CVE-2018-19417
21 Nov 2018 — An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS... • https://github.com/contiki-ng/contiki-ng/issues/600 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 11%CPEs: 1EXPL: 1CVE-2018-1000804
https://notcve.org/view.php?id=CVE-2018-1000804
08 Oct 2018 — contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack). contiki-ng 4 contiene una vulnerabilidad de desbordamiento de búfer en el motor de la base de datos AQL (Antelope Query Language) que puede resultar en que un atacante... • https://github.com/contiki-ng/contiki-ng/issues/594 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16663
https://notcve.org/view.php?id=CVE-2018-16663
07 Sep 2018 — An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations). Se ha descubierto un problema en Contiki-NG hasta su versión 4.1. Hay un desbordamiento de búfer basado en pila en parse_relations en os/storage/antelope/aql-parser.c al analizar AQL (almacenamiento de relaciones). • https://github.com/contiki-ng/contiki-ng/issues/599 • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16664
https://notcve.org/view.php?id=CVE-2018-16664
07 Sep 2018 — An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand). Se ha descubierto un problema en Contiki-NG hasta su versión 4.1. Hay un desbordamiento de búfer en lvm_set_type en os/storage/antelope/lvm.c al analizar AQL (lvm_set_op, lvm_set_relation y lvm_set_operand). • https://github.com/contiki-ng/contiki-ng/issues/596 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16665
https://notcve.org/view.php?id=CVE-2018-16665
07 Sep 2018 — An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c. Se ha descubierto un problema en Contiki-NG hasta su versión 4.1. Hay un desbordamiento de búfer al analizar AQL en lvm_shift_for_operator en os/storage/antelope/lvm.c. • https://github.com/contiki-ng/contiki-ng/issues/598 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16666
https://notcve.org/view.php?id=CVE-2018-16666
07 Sep 2018 — An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string). Se ha descubierto un problema en Contiki-NG hasta su versión 4.1. Hay un desbordamiento de búfer basado en pila en next_string en os/storage/antelope/aql-lexer.c al analizar AQL (análisis de la siguiente cadena). • https://github.com/contiki-ng/contiki-ng/issues/595 • CWE-787: Out-of-bounds Write •