CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21280 – Out-of-bounds write when processing 6LoWPAN extension headers
https://notcve.org/view.php?id=CVE-2021-21280
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written header is not checked to be within the available space, thereby making it possible to write outside the buffer. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. • https://github.com/contiki-ng/contiki-ng/pull/1409 https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-r768-hrhf-v592 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21281 – Buffer overflow due to unvalidated TCP data offset
https://notcve.org/view.php?id=CVE-2021-21281
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data offset that is unvalidated. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. • https://github.com/contiki-ng/contiki-ng/pull/1366 https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-mc42-fqfr-h9fp • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21282 – Buffer overflow in RPL source routing header processing
https://notcve.org/view.php?id=CVE-2021-21282
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround. Contiki-NG es un sistema operativo de código abierto y multiplataforma para dispositivos del Internet de las cosas. • https://github.com/contiki-ng/contiki-ng/pull/1183 https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6xf2-77gf-fgjx • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2020-24336
https://notcve.org/view.php?id=CVE-2020-24336
An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn't verify whether the address in the answer's length is sane. Therefore, when copying an address of an arbitrary length, a buffer overflow can occur. This bug can be exploited whenever NAT64 is enabled. Se detectó un problema en Contiki versiones hasta 3.0 y Contiki-NG versiones hasta 4.5. • https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 https://www.kb.cert.org/vuls/id/815128 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14936
https://notcve.org/view.php?id=CVE-2020-14936
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid() may overwrite memory areas beyond the provided target buffer, when called from snmp_message_decode() upon an SNMP request reception. Because the content of the write operations is externally provided in the SNMP requests, it enables a remote overwrite of an IoT device's memory regions beyond the allocated buffer. This overflow may allow remote overwrite of stack and statically allocated variables memory regions by sending a crafted SNMP request. • https://drive.google.com/file/d/1FypWH_g475jSL0mDFzquaATCeRIHQ2kj/view?usp=sharing https://github.com/contiki-ng/contiki-ng/issues/1351 • CWE-787: Out-of-bounds Write •