CVE-2017-7295
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing function. This resulted in a board crash, which can be used to perform denial of service.
Fue detectado un problema en el Contiki Operating System versión 3.0. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el archivo httpd-simple.c en httpd cc26xx-web-demo, donde en un evento de cierre de conexión, la estructura http_state no se desasigna apropiadamente, resultando en una desreferencia de puntero NULL en la función de procesamiento de salida. Esto resulta en un bloqueo de tarjeta, que se puede utilizar para realizar la denegación de servicio.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-03-28 CVE Reserved
- 2017-05-28 CVE Published
- 2023-04-06 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://gist.github.com/jackmcbride/c9328627f1ee104ce84f3fb7eff42f1e | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Contiki-os Search vendor "Contiki-os" | Contiki Search vendor "Contiki-os" for product "Contiki" | 3.0 Search vendor "Contiki-os" for product "Contiki" and version "3.0" | - |
Affected
| ||||||