CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 1CVE-2018-19417
https://notcve.org/view.php?id=CVE-2018-19417
21 Nov 2018 — An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS... • https://github.com/contiki-ng/contiki-ng/issues/600 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 11%CPEs: 1EXPL: 1CVE-2018-1000804
https://notcve.org/view.php?id=CVE-2018-1000804
08 Oct 2018 — contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack). contiki-ng 4 contiene una vulnerabilidad de desbordamiento de búfer en el motor de la base de datos AQL (Antelope Query Language) que puede resultar en que un atacante... • https://github.com/contiki-ng/contiki-ng/issues/594 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16663
https://notcve.org/view.php?id=CVE-2018-16663
07 Sep 2018 — An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations). Se ha descubierto un problema en Contiki-NG hasta su versión 4.1. Hay un desbordamiento de búfer basado en pila en parse_relations en os/storage/antelope/aql-parser.c al analizar AQL (almacenamiento de relaciones). • https://github.com/contiki-ng/contiki-ng/issues/599 • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16664
https://notcve.org/view.php?id=CVE-2018-16664
07 Sep 2018 — An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand). Se ha descubierto un problema en Contiki-NG hasta su versión 4.1. Hay un desbordamiento de búfer en lvm_set_type en os/storage/antelope/lvm.c al analizar AQL (lvm_set_op, lvm_set_relation y lvm_set_operand). • https://github.com/contiki-ng/contiki-ng/issues/596 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16665
https://notcve.org/view.php?id=CVE-2018-16665
07 Sep 2018 — An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c. Se ha descubierto un problema en Contiki-NG hasta su versión 4.1. Hay un desbordamiento de búfer al analizar AQL en lvm_shift_for_operator en os/storage/antelope/lvm.c. • https://github.com/contiki-ng/contiki-ng/issues/598 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16666
https://notcve.org/view.php?id=CVE-2018-16666
07 Sep 2018 — An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string). Se ha descubierto un problema en Contiki-NG hasta su versión 4.1. Hay un desbordamiento de búfer basado en pila en next_string en os/storage/antelope/aql-lexer.c al analizar AQL (análisis de la siguiente cadena). • https://github.com/contiki-ng/contiki-ng/issues/595 • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16667
https://notcve.org/view.php?id=CVE-2018-16667
07 Sep 2018 — An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union). Se ha descubierto un problema en Contiki-NG hasta su versión 4.1. Hay una sobrelectura de búfer en lookup en os/storage/antelope/lvm.c al analizar AQL (lvm_register_variable, lvm_set_variable_value, create_intersection y create_union). • https://github.com/contiki-ng/contiki-ng/issues/597 • CWE-125: Out-of-bounds Read •