CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29001 – Uncontrolled recursion due to insufficient validation of the IPv6 source routing header in Contiki-NG
https://notcve.org/view.php?id=CVE-2023-29001
27 Nov 2024 — Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming packet should be forwarded to another host. Because of missing validation of the resulting next-hop address, an uncontrolled recursion may occur in the tcpip_ipv6_output function in the os/net/ipv6/tcpip.c module whe... • https://github.com/contiki-ng/contiki-ng/pull/2264 • CWE-674: Uncontrolled Recursion •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41125 – Out-of-bounds read in SNMP when decoding a string in Contiki-NG
https://notcve.org/view.php?id=CVE-2024-41125
27 Nov 2024 — Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-ber.c module, where the function snmp_ber_decode_string_len_buffer decodes the string length from a received SNMP packet. In one place, one byte is read from the b... • https://github.com/contiki-ng/contiki-ng/pull/2936 • CWE-125: Out-of-bounds Read •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41126 – Out-of-bounds read when decoding SNMP messages in Contiki-NG
https://notcve.org/view.php?id=CVE-2024-41126
27 Nov 2024 — Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-message.c module, where the snmp_message_decode function fails to check the boundary of the message buffer when reading a byte from it immediately after decoding a... • https://github.com/contiki-ng/contiki-ng/pull/2937 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47181 – Unaligned memory access in RPL option processing in Contiki-NG
https://notcve.org/view.php?id=CVE-2024-47181
27 Nov 2024 — Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL instance. If an IPv6 packet containing an odd number of padded bytes before the RPL option, it can cause the rpl_ext_header_hbh_update function to read a 16-bit integer from an odd address. The impact of this unaligned r... • https://github.com/contiki-ng/contiki-ng/pull/2962 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50926 – Unvalidated DIO prefix info length in RPL-Lite in Contiki-NG
https://notcve.org/view.php?id=CVE-2023-50926
14 Feb 2024 — Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message contains a field that specifies the length of an IPv6 address prefix. The value of this field is not validated, which means that an attacker can set a value that is longer than the maximum prefix length. Subsequently, ... • https://github.com/contiki-ng/contiki-ng/pull/2721 • CWE-125: Out-of-bounds Read •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50927 – Insufficient boundary checks for DIO and DAO messages in RPL-Lite in Contiki-NG
https://notcve.org/view.php?id=CVE-2023-50927
14 Feb 2024 — Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for DIO and DAO messages, in particular when they contain RPL sub-option headers. The problem has been patched in Contiki-NG 4.9. Users are advised to upgrade. • https://github.com/contiki-ng/contiki-ng/pull/2484 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48229 – Out-of-bounds write in the radio driver for Contiki-NG nRF platforms
https://notcve.org/view.php?id=CVE-2023-48229
14 Feb 2024 — Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be set by an ext... • https://github.com/contiki-ng/contiki-ng/pull/2741 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42146 – Contiki-NG tinyDTLS Epoch Number Reuse
https://notcve.org/view.php?id=CVE-2021-42146
18 Jan 2024 — An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients). Se descubrió un problema en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97. Los servidores DTLS permiten a atacantes remotos reutilizar el mismo número de época dentro de ... • https://seclists.org/fulldisclosure/2024/Jan/19 • CWE-303: Incorrect Implementation of Authentication Algorithm CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42145 – Contiki-NG tinyDTLS check_certificate_request() Denial of Service
https://notcve.org/view.php?id=CVE-2021-42145
18 Jan 2024 — An assertion failure discovered in in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service. Un error de aserción descubierto en check_certificate_request() en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97 permite a los atacantes provocar una denegación de servicio. An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. An assertion failure in check_certificate_request() causes the server to exit unexpect... • https://seclists.org/fulldisclosure/2024/Jan/18 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42147 – Contiki-NG tinyDTLS Buffer Over-Read / Denial of Service
https://notcve.org/view.php?id=CVE-2021-42147
18 Jan 2024 — Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet. Vulnerabilidad de lectura excesiva del búfer en la función dtls_sha256_update en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97 permite a atacantes remotos provocar una denegación de servicio a través de un paquete de datos manipulado. An issue was discovered in Contiki-NG tinyDTLS versions through 2018-0... • https://seclists.org/fulldisclosure/2024/Jan/20 • CWE-125: Out-of-bounds Read •