CVE-2022-35926 – Out-of-bounds read in IPv6 neighbor solicitation in Contiki-NG
https://notcve.org/view.php?id=CVE-2022-35926
Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, uip_buf, are not checked to ensure they stay within bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires IPv6 to be enabled for the network.
• https://github.com/contiki-ng/contiki-ng/pull/1654
• https://github.com/contiki-ng/contiki-ng/pull/1654/commits/a4597001d50a04f4b9c78f323ba731e2f979802c
• https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.8
• https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-4hpq-4f53-w386
• CWE-125: Out-of-bounds Read
CVE-2021-32771 – Buffer overflow in contiki-ng
https://notcve.org/view.php?id=CVE-2021-32771
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have joined an RPL DODAG. After that, an attacker can send a DAO packet with a Target option that contains a prefix length larger than 128 bits. The problem was fixed after the release of Contiki-NG 4.7.
• https://github.com/contiki-ng/contiki-ng/pull/1615
• https://github.com/contiki-ng/contiki-ng/pull/1615/commits/587ae59956e00316fd44fd7072ac3a6a07b4b20f
• https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.8
• https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jqjf-v7v9-xp6w
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-12140
https://notcve.org/view.php?id=CVE-2020-12140
A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames.
• https://github.com/contiki-ng/contiki-ng/pull/1662
• https://twitter.com/ScepticCtf
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-12141
https://notcve.org/view.php?id=CVE-2020-12141
An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentially disclose information via crafted SNMP packets to snmp_ber_decode_string_len_buffer in os/net/app-layer/snmp/snmp-ber.c.
• https://github.com/contiki-ng/contiki-ng/commit/12c824386ab60de757de5001974d73b32e19ad71#diff-32367fad664c6118fd5dda77cdf38eedc006cdd7544eca5bbeebe0b99653f8a0
• https://github.com/contiki-ng/contiki-ng/pull/1355
• https://twitter.com/ScepticCtf
• CWE-125: Out-of-bounds Read
CVE-2021-21410 – Out-of-bounds read in the 6LoWPAN implementation
https://notcve.org/view.php?id=CVE-2021-21410
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (uncompress_hdr_iphc) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that causes the function to read more bytes than are available in the packet buffer. As of the time of publication, no release with a patch is available.
• https://github.com/contiki-ng/contiki-ng/pull/1482
• https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-hhwj-2p59-v8p9
• CWE-125: Out-of-bounds Read