CVE-2021-21281 – Buffer overflow due to unvalidated TCP data offset
https://notcve.org/view.php?id=CVE-2021-21281
Contiki-NG is an open-source, cross-platform operating system for Internet of Things devices. A buffer overflow exists in Contiki-NG versions prior to 4.6: after a TCP connection has been established through the tcp-socket library, the remote end can send a segment whose TCP data offset field is used without being validated. The problem is patched in Contiki-NG 4.6; users of earlier versions can apply the patch out-of-band as a workaround.
References: https://github.com/contiki-ng/contiki-ng/pull/1366 and https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-mc42-fqfr-h9fp
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
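The data offset field is the upper nibble of TCP header byte 12, counted in 32-bit words, so it can claim up to 60 header bytes regardless of how many bytes actually arrived. The following added example (not Contiki-NG code; the function and constant names are hypothetical) shows the unchecked pattern next to a hardened parser that rejects any offset outside 5..15 words or larger than the received segment, using two constructed 24-byte segments as input:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Contiki-NG code. The TCP data offset (upper nibble of
 * header byte 12, in 32-bit words) arrives from the remote end and must be
 * range-checked against the bytes actually received before it is used to
 * locate the payload or size a copy. */

#define TCP_FIXED_HDR_LEN 20u   /* data offset 5 words */
#define TCP_MAX_HDR_LEN   60u   /* data offset 15 words */

struct tcp_view {
    size_t hdr_len;       /* header bytes, fixed part plus options */
    size_t payload_len;   /* bytes following the header */
};

/* Vulnerable pattern: trusts the data offset. For a 24-byte segment that
 * claims a 60-byte header, payload_len wraps to a huge unsigned value and a
 * later copy of payload_len bytes runs past the receive buffer. */
static struct tcp_view tcp_parse_unchecked(const uint8_t *seg, size_t seg_len)
{
    struct tcp_view v;
    v.hdr_len = (size_t)(seg[12] >> 4) * 4u;
    v.payload_len = seg_len - v.hdr_len;   /* wraps when hdr_len > seg_len */
    return v;
}

/* Hardened form: every offset that does not fit the received segment is
 * rejected before anything is derived from it. */
static bool tcp_parse_checked(const uint8_t *seg, size_t seg_len,
                              struct tcp_view *out)
{
    if (seg_len < TCP_FIXED_HDR_LEN) {
        return false;                           /* truncated fixed header */
    }
    size_t hdr_len = (size_t)(seg[12] >> 4) * 4u;
    if (hdr_len < TCP_FIXED_HDR_LEN || hdr_len > TCP_MAX_HDR_LEN) {
        return false;                           /* offset outside 5..15 words */
    }
    if (hdr_len > seg_len) {
        return false;                           /* options claimed, not present */
    }
    out->hdr_len = hdr_len;
    out->payload_len = seg_len - hdr_len;       /* cannot wrap now */
    return true;
}

/* Constructed 24-byte segment: src port 1234, dst port 80, data offset 15
 * (claims 60 header bytes) with PSH|ACK, followed by 4 payload bytes. */
static const uint8_t k_bad_segment[24] = {
    0x04, 0xd2, 0x00, 0x50,  0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x00,
    0xf0, 0x18,  0x10, 0x00,  0x00, 0x00, 0x00, 0x00,  'd', 'a', 't', 'a'
};

/* Same bytes with a truthful data offset of 5. */
static const uint8_t k_good_segment[24] = {
    0x04, 0xd2, 0x00, 0x50,  0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x00,
    0x50, 0x18,  0x10, 0x00,  0x00, 0x00, 0x00, 0x00,  'd', 'a', 't', 'a'
};

size_t demo_bad_unchecked_payload_len(void)
{
    return tcp_parse_unchecked(k_bad_segment, sizeof k_bad_segment).payload_len;
}

bool demo_bad_rejected(void)
{
    struct tcp_view v;
    return !tcp_parse_checked(k_bad_segment, sizeof k_bad_segment, &v);
}

/* Validated payload length of the good segment, 0 if it were rejected. */
size_t demo_good_payload_len(void)
{
    struct tcp_view v;
    return tcp_parse_checked(k_good_segment, sizeof k_good_segment, &v) ? v.payload_len : 0;
}

int main(void)
{
    printf("unchecked payload_len for bad segment: %zu\n", demo_bad_unchecked_payload_len());
    printf("checked parser rejects bad segment: %s\n", demo_bad_rejected() ? "yes" : "no");
    printf("checked payload_len for good segment: %zu\n", demo_good_payload_len());
    return 0;
}
```

The check must come before the offset is used for anything, including option parsing: once `hdr_len` has been bounded by both the field's own range and the received length, the subtraction that yields the payload length cannot wrap.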
CVE-2021-21282 – Buffer overflow in RPL source routing header processing
https://notcve.org/view.php?id=CVE-2021-21282
Contiki-NG is an open-source, cross-platform operating system for Internet of Things devices. In versions prior to 4.5, a buffer overflow can be triggered by an input packet when either of Contiki-NG's two RPL implementations is used in source-routing mode (the code that processes the RPL source routing header). The problem is patched in Contiki-NG 4.5; users of earlier versions can apply the patch out-of-band as a workaround.
References: https://github.com/contiki-ng/contiki-ng/pull/1183 and https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6xf2-77gf-fgjx
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-24336
https://notcve.org/view.php?id=CVE-2020-24336
An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code that parses type A domain name answers in ip64-dns64.c does not verify that the length field of the answer's address is sane, so copying an address of arbitrary length can overflow the destination buffer. The bug is reachable whenever NAT64 is enabled.
References: https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 and https://www.kb.cert.org/vuls/id/815128
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
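A type A answer carries an RDLENGTH field chosen by whoever sent the response; a DNS64 translator copies the rdata into a 4-byte IPv4 address and embeds it in an IPv6 prefix. The added example below (not Contiki-NG code; names, the 64:ff9b::/96 prefix choice and the constructed resource records are assumptions) shows the value the unchecked path would copy next to a hardened parser that insists on RDLENGTH == 4 and on the rdata lying inside the packet before synthesizing the IPv6 address:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Contiki-NG code. A DNS64 translator takes the IPv4
 * address from a type A answer and embeds it in an IPv6 prefix. RDLENGTH is
 * attacker-controlled, so it must equal 4 before the rdata is copied into a
 * 4-byte address; the unchecked path copies RDLENGTH bytes. */

#define DNS_TYPE_A    1u
#define DNS_CLASS_IN  1u
#define RR_FIXED_LEN  10u          /* TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) */
#define IPV4_LEN      4u

/* RFC 6052 well-known prefix 64:ff9b::/96 (assumption: the translator uses it). */
static const uint8_t k_nat64_prefix[12] = { 0x00, 0x64, 0xff, 0x9b, 0, 0, 0, 0, 0, 0, 0, 0 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Length of the RR owner name (labels or a compression pointer); 0 on error. */
static size_t name_len(const uint8_t *p, size_t len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t l = p[i];
        if ((l & 0xC0) == 0xC0) return (i + 2 <= len) ? i + 2 : 0;
        if (l == 0) return i + 1;
        if (l > 63) return 0;
        i += 1u + l;
    }
    return 0;
}

/* Vulnerable pattern: returns the byte count the unchecked code would memcpy
 * into a 4-byte IPv4 buffer, i.e. RDLENGTH exactly as the peer sent it. */
size_t a_rdata_copy_len_unchecked(const uint8_t *rr, size_t len)
{
    size_t n = name_len(rr, len);
    return rd16(rr + n + 8);           /* RDLENGTH, trusted as-is */
}

/* Hardened form: validate type, class, RDLENGTH == 4 and that the rdata lies
 * inside the buffer, then synthesize prefix || IPv4 into out6[16]. */
bool dns64_synth_from_a(const uint8_t *rr, size_t len, uint8_t out6[16])
{
    size_t n = name_len(rr, len);
    if (n == 0 || len - n < RR_FIXED_LEN) return false;
    const uint8_t *f = rr + n;
    if (rd16(f) != DNS_TYPE_A || rd16(f + 2) != DNS_CLASS_IN) return false;
    uint16_t rdlength = rd16(f + 8);
    if (rdlength != IPV4_LEN) return false;               /* the missing check */
    if (len - n - RR_FIXED_LEN < rdlength) return false;  /* rdata truncated */
    memcpy(out6, k_nat64_prefix, sizeof k_nat64_prefix);
    memcpy(out6 + 12, f + RR_FIXED_LEN, IPV4_LEN);
    return true;
}

/* Constructed answer RR: name pointer to offset 12, type A, class IN,
 * TTL 3600, RDLENGTH 16 with 16 bytes of rdata (far more than an IPv4). */
static const uint8_t k_bad_rr[] = {
    0xc0, 0x0c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0e, 0x10, 0x00, 0x10,
    0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41
};

/* Same RR with RDLENGTH 4 and rdata 192.0.2.1. */
static const uint8_t k_good_rr[] = {
    0xc0, 0x0c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0e, 0x10, 0x00, 0x04,
    0xc0, 0x00, 0x02, 0x01
};

size_t demo_bad_copy_len(void) { return a_rdata_copy_len_unchecked(k_bad_rr, sizeof k_bad_rr); }
bool demo_bad_rejected(void) { uint8_t o[16]; return !dns64_synth_from_a(k_bad_rr, sizeof k_bad_rr, o); }

/* True when the good RR synthesizes 64:ff9b::c000:201. */
bool demo_good_synth_matches(void)
{
    static const uint8_t expect[16] = { 0x00, 0x64, 0xff, 0x9b, 0, 0, 0, 0, 0, 0, 0, 0, 0xc0, 0x00, 0x02, 0x01 };
    uint8_t o[16];
    return dns64_synth_from_a(k_good_rr, sizeof k_good_rr, o) && memcmp(o, expect, 16) == 0;
}

int main(void)
{
    printf("unchecked copy length for bad RR: %zu bytes into a 4-byte buffer\n", demo_bad_copy_len());
    printf("checked parser rejects bad RR: %s\n", demo_bad_rejected() ? "yes" : "no");
    printf("good RR synthesizes expected IPv6: %s\n", demo_good_synth_matches() ? "yes" : "no");
    return 0;
}
```

For A records the only acceptable RDLENGTH is 4, so an equality test is stronger than a "fits in the buffer" test; the separate check that the rdata lies within the packet prevents an over-read when the response is truncated.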
CVE-2020-14935
https://notcve.org/view.php?id=CVE-2020-14935
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5 in the function that encodes the response to an SNMP bulk get request. The code parsing the received SNMP request does not verify the number of requested variables against the capacity of the internal SNMP engine buffer. When the bulk get response is assembled, a stack buffer of limited capacity dedicated to OIDs is allocated in snmp_engine_get_bulk(); because the input length is not validated, populating that buffer can overflow it, overwriting stack memory beyond the buffer, including the function's return address.
References: https://drive.google.com/file/d/1qp3ZXaFRiR_imWg0lUbI7-D-hIT268EB/view?usp=sharing and https://github.com/contiki-ng/contiki-ng/issues/1353
CWE-787: Out-of-bounds Write
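A GetBulkRequest implies non-repeaters plus max-repetitions times repeaters response entries, all three numbers chosen by the requester, so the loop that fills a fixed stack array must be bounded by the array's capacity rather than by the request. The added example below (not Contiki-NG code; the capacity, the OID successor function and the constructed request are assumptions) contrasts the entry count the request asks for with a hardened assembler that stops at capacity, returning a shorter response as RFC 3416 permits for GetBulk:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Contiki-NG code. A GetBulkRequest (RFC 3416) asks for
 * non-repeaters single successors followed by max-repetitions successor
 * rounds over the remaining varbinds. The response OIDs are collected in a
 * fixed-size stack array; the number of entries the request implies
 * (non_repeaters + max_repetitions * repeaters) is attacker-controlled and
 * must never be used as the loop bound for writing into that array. */

#define MAX_OID_LEN        16u
#define RESP_OID_CAPACITY   8u   /* assumption: size of the engine's stack array */

struct oid { uint32_t id[MAX_OID_LEN]; uint8_t len; };

/* Hypothetical MIB successor: increments the last sub-identifier. */
static struct oid next_oid(const struct oid *o)
{
    struct oid n = *o;
    n.id[n.len - 1]++;
    return n;
}

/* Number of response entries the request implies. The vulnerable pattern
 * uses this figure directly as the loop bound over a fixed array. */
size_t bulk_entries_requested(size_t num_varbinds, size_t non_repeaters, size_t max_repetitions)
{
    size_t nr = non_repeaters < num_varbinds ? non_repeaters : num_varbinds;
    return nr + (num_varbinds - nr) * max_repetitions;
}

/* Hardened assembly: fills resp[] in bulk order and returns how many entries
 * were written, never more than capacity (the response is truncated, which
 * RFC 3416 allows for GetBulk, instead of the stack being overwritten). */
size_t bulk_get_checked(const struct oid *req, size_t num_varbinds,
                        size_t non_repeaters, size_t max_repetitions,
                        struct oid *resp, size_t capacity)
{
    size_t n = 0;
    size_t nr = non_repeaters < num_varbinds ? non_repeaters : num_varbinds;
    for (size_t i = 0; i < nr; i++) {
        if (n >= capacity) return n;
        resp[n++] = next_oid(&req[i]);
    }
    for (size_t r = 0; r < max_repetitions; r++) {
        for (size_t j = nr; j < num_varbinds; j++) {
            if (n >= capacity) return n;
            struct oid o = req[j];
            for (size_t k = 0; k <= r; k++) o = next_oid(&o);  /* (r+1)-th successor */
            resp[n++] = o;
        }
    }
    return n;
}

/* Constructed request: one non-repeater and two repeaters. */
static const struct oid k_req[3] = {
    { {1, 3, 6, 1, 2, 1, 1, 1, 0}, 9 },
    { {1, 3, 6, 1, 2, 1, 2, 2, 1, 1}, 10 },
    { {1, 3, 6, 1, 2, 1, 2, 2, 1, 2}, 10 },
};

size_t demo_oversized_entries(void) { return bulk_entries_requested(3, 1, 50); }

size_t demo_oversized_written(void)
{
    struct oid resp[RESP_OID_CAPACITY];
    return bulk_get_checked(k_req, 3, 1, 50, resp, RESP_OID_CAPACITY);
}

size_t demo_small_written(void)
{
    struct oid resp[RESP_OID_CAPACITY];
    return bulk_get_checked(k_req, 3, 1, 2, resp, RESP_OID_CAPACITY);
}

/* Last sub-identifier of the final entry: req[2] advanced twice. */
uint32_t demo_small_last_subid(void)
{
    struct oid resp[RESP_OID_CAPACITY];
    size_t n = bulk_get_checked(k_req, 3, 1, 2, resp, RESP_OID_CAPACITY);
    return resp[n - 1].id[resp[n - 1].len - 1];
}

int main(void)
{
    printf("entries requested by oversized bulk request: %zu (capacity %u)\n",
           demo_oversized_entries(), RESP_OID_CAPACITY);
    printf("entries actually written: %zu\n", demo_oversized_written());
    printf("small request: %zu entries, last sub-id %u\n",
           demo_small_written(), demo_small_last_subid());
    return 0;
}
```

The check sits inside the loop rather than on the product computed up front, so it also holds when that product itself would overflow a narrow integer.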
CVE-2019-9183
https://notcve.org/view.php?id=CVE-2019-9183
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present in os/net/ipv6/sicslowpan.c because an integer underflow occurs during 6LoWPAN fragment processing when a fragment is truncated. The result is access to unmapped memory and a crash, so an attacker can cause a denial of service with a crafted 6LoWPAN frame.
References: https://github.com/contiki-ng/contiki-ng/pull/972, https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4 and https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf
CWE-191: Integer Underflow (Wrap or Wraparound); CWE-787: Out-of-bounds Write
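An RFC 4944 FRAG1 header is 4 bytes and a FRAGN header is 5; the fragment payload length is the frame length minus that header length, and if the frame is shorter than its own header the unsigned subtraction wraps. The added example below (not Contiki-NG code; the names, the reassembly buffer size and the constructed frames are assumptions) shows the wrapped value next to a parser that rejects truncated frames and fragments that would not fit the datagram or the reassembly buffer:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Contiki-NG code. RFC 4944 fragment headers:
 *   FRAG1: 11000xxx + 11-bit datagram_size, 16-bit datagram_tag               (4 bytes)
 *   FRAGN: 11100xxx + 11-bit datagram_size, 16-bit datagram_tag, 8-bit offset (5 bytes)
 * Payload length is frame_len minus the header length; a frame truncated
 * below the header length makes that subtraction underflow. */

#define DISPATCH_FRAG1      0xC0
#define DISPATCH_FRAGN      0xE0
#define DISPATCH_FRAG_MASK  0xF8
#define FRAG1_HDR_LEN       4u
#define FRAGN_HDR_LEN       5u
#define REASSEMBLY_BUF_LEN  1280u   /* assumption: one IPv6 minimum MTU */

struct frag_hdr {
    uint16_t datagram_size;
    uint16_t datagram_tag;
    uint16_t offset_bytes;   /* 0 for FRAG1 */
    uint16_t hdr_len;
    uint16_t payload_len;
};

static uint16_t frag_hdr_len(uint8_t dispatch)
{
    switch (dispatch & DISPATCH_FRAG_MASK) {
    case DISPATCH_FRAG1: return FRAG1_HDR_LEN;
    case DISPATCH_FRAGN: return FRAGN_HDR_LEN;
    default:             return 0;
    }
}

/* Vulnerable pattern: 16-bit subtraction with no check that the frame is at
 * least as long as its header. A FRAGN frame cut to 3 bytes yields 65534,
 * which then drives the copy into the reassembly buffer. */
uint16_t frag_payload_len_unchecked(const uint8_t *frame, uint16_t frame_len)
{
    return (uint16_t)(frame_len - frag_hdr_len(frame[0]));
}

/* Hardened form: rejects truncated frames and fragments that would not fit
 * the reassembly buffer or the datagram they claim to belong to. */
bool frag_parse_checked(const uint8_t *frame, uint16_t frame_len, struct frag_hdr *out)
{
    if (frame_len == 0) return false;
    uint16_t hdr_len = frag_hdr_len(frame[0]);
    if (hdr_len == 0 || frame_len < hdr_len) return false;   /* not a fragment, or truncated */
    uint16_t size = (uint16_t)(((frame[0] & 0x07) << 8) | frame[1]);
    uint16_t tag  = (uint16_t)((frame[2] << 8) | frame[3]);
    uint16_t off  = hdr_len == FRAGN_HDR_LEN ? (uint16_t)(frame[4] * 8u) : 0;
    uint16_t payload = (uint16_t)(frame_len - hdr_len);        /* safe: frame_len >= hdr_len */
    if (size > REASSEMBLY_BUF_LEN) return false;               /* datagram larger than buffer */
    if ((uint32_t)off + payload > size) return false;          /* fragment past datagram end */
    out->datagram_size = size;
    out->datagram_tag = tag;
    out->offset_bytes = off;
    out->hdr_len = hdr_len;
    out->payload_len = payload;
    return true;
}

/* Constructed frames. k_truncated: FRAGN dispatch, cut off after 3 bytes. */
static const uint8_t k_truncated[3] = { 0xE4, 0x00, 0x12 };
/* k_good: FRAGN, datagram_size 1024, tag 0x1234, offset 12*8 = 96, 8 payload bytes. */
static const uint8_t k_good[13] = { 0xE4, 0x00, 0x12, 0x34, 0x0C, 1, 2, 3, 4, 5, 6, 7, 8 };

uint16_t demo_truncated_unchecked(void)
{
    return frag_payload_len_unchecked(k_truncated, sizeof k_truncated);
}

bool demo_truncated_rejected(void)
{
    struct frag_hdr h;
    return !frag_parse_checked(k_truncated, sizeof k_truncated, &h);
}

uint16_t demo_good_payload_len(void)
{
    struct frag_hdr h;
    return frag_parse_checked(k_good, sizeof k_good, &h) ? h.payload_len : 0;
}

uint16_t demo_good_offset(void)
{
    struct frag_hdr h;
    return frag_parse_checked(k_good, sizeof k_good, &h) ? h.offset_bytes : 0;
}

int main(void)
{
    printf("unchecked payload length of truncated FRAGN: %u\n", demo_truncated_unchecked());
    printf("checked parser rejects truncated frame: %s\n", demo_truncated_rejected() ? "yes" : "no");
    printf("good fragment: payload %u bytes at offset %u\n", demo_good_payload_len(), demo_good_offset());
    return 0;
}
```

The length test has to precede the subtraction; checking the computed payload length afterwards is too late, because a wrapped 16-bit value such as 65534 looks like an ordinary large length to any later comparison.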