CVE-2018-1000804
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack).
contiki-ng 4 contiene una vulnerabilidad de desbordamiento de búfer en el motor de la base de datos AQL (Antelope Query Language) que puede resultar en que un atacante ejecute código remotamente en el dispositivo mediante el sistema operativo de Contiki-NG. Este ataque parece ser explotable mediante un atacante que pueda ejecutar código AQL malicioso (p.ej., mediante un ataque de inyección de tipo SQL).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-10-08 CVE Reserved
- 2018-10-08 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/contiki-ng/contiki-ng/issues/594 | 2024-09-16 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/contiki-ng/contiki-ng/pull/624 | 2019-09-27 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Contiki-ng Search vendor "Contiki-ng" | Contiki-ng Search vendor "Contiki-ng" for product "Contiki-ng" | 4.0 Search vendor "Contiki-ng" for product "Contiki-ng" and version "4.0" | - |
Affected
| ||||||