CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21281 – Buffer overflow due to unvalidated TCP data offset
https://notcve.org/view.php?id=CVE-2021-21281
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data offset that is unvalidated. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. • https://github.com/contiki-ng/contiki-ng/pull/1366 https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-mc42-fqfr-h9fp • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21282 – Buffer overflow in RPL source routing header processing
https://notcve.org/view.php?id=CVE-2021-21282
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround. Contiki-NG es un sistema operativo de código abierto y multiplataforma para dispositivos del Internet de las cosas. • https://github.com/contiki-ng/contiki-ng/pull/1183 https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6xf2-77gf-fgjx • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2020-24336
https://notcve.org/view.php?id=CVE-2020-24336
An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn't verify whether the address in the answer's length is sane. Therefore, when copying an address of an arbitrary length, a buffer overflow can occur. This bug can be exploited whenever NAT64 is enabled. Se detectó un problema en Contiki versiones hasta 3.0 y Contiki-NG versiones hasta 4.5. • https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 https://www.kb.cert.org/vuls/id/815128 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13988
https://notcve.org/view.php?id=CVE-2020-13988
An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c. Se detectó un problema en Contiki versiones hasta 3.0. Se presenta un Desbordamiento de Enteros en el componente uIP TCP/IP Stack cuando se analizan las opciones TCP MSS de los paquetes de red IPv4 en la función uip_process en el archivo net/ipv4/uip.c • https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 https://www.kb.cert.org/vuls/id/815128 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14936
https://notcve.org/view.php?id=CVE-2020-14936
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid() may overwrite memory areas beyond the provided target buffer, when called from snmp_message_decode() upon an SNMP request reception. Because the content of the write operations is externally provided in the SNMP requests, it enables a remote overwrite of an IoT device's memory regions beyond the allocated buffer. This overflow may allow remote overwrite of stack and statically allocated variables memory regions by sending a crafted SNMP request. • https://drive.google.com/file/d/1FypWH_g475jSL0mDFzquaATCeRIHQ2kj/view?usp=sharing https://github.com/contiki-ng/contiki-ng/issues/1351 • CWE-787: Out-of-bounds Write •