CVE-2018-19417

Severity Score: 10.0 (CVSS v3)
Exploit Likelihood: - (EPSS)
Affected Versions: - (CPE)
Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions

An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr(), which parses MQTT PUBLISH messages with a variable-length header, uses memcpy to copy input data into a fixed-size buffer. The allocated buffer can hold only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and there is no length check on the copy. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible.

*Credits: N/A
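The description above names the bug pattern precisely: a two-byte topic length taken from the wire is handed to memcpy with no comparison against the 64-byte destination. The following C is an added example, not Contiki-NG source and not the 4.2 patch; it reconstructs that pattern beside a hardened parser that applies the two bounds checks the description implies (destination size and bytes actually present in the packet). The function names parse_publish_vhdr_unchecked and parse_publish_vhdr_checked, the struct layout, the return codes and the sample packets are all assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Default topic buffer size named in the advisory. */
#define MQTT_MAX_TOPIC_LENGTH 64

/* Decoded PUBLISH variable header (MQTT 3.1.1, section 3.3.2): a 2-byte
 * big-endian topic length, the topic bytes, and a 2-byte packet identifier
 * present only when QoS > 0. The struct layout is illustrative. */
struct publish_vhdr {
    char     topic[MQTT_MAX_TOPIC_LENGTH];  /* fixed-size destination buffer */
    uint16_t topic_len;
    uint16_t packet_id;                     /* 0 when QoS == 0 */
};

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* The pattern the advisory describes: the attacker-controlled topic length
 * goes straight into memcpy, so anything above 64 bytes overwrites whatever
 * follows `topic` on the stack. Illustrative reconstruction, not Contiki-NG
 * code. Kept only for contrast; never feed it untrusted input. */
int parse_publish_vhdr_unchecked(const uint8_t *buf, size_t len,
                                 struct publish_vhdr *out)
{
    if (len < 2)
        return -1;
    uint16_t topic_len = be16(buf);
    memcpy(out->topic, buf + 2, topic_len);   /* no bound on topic_len */
    out->topic_len = topic_len;
    return 0;
}

/* Hardened form: bound the copy by the destination size AND by the bytes
 * actually present in the packet. Returns bytes consumed, or a negative code.
 * Requiring topic_len < MQTT_MAX_TOPIC_LENGTH (not <=) is a local choice so a
 * NUL terminator always fits. */
int parse_publish_vhdr_checked(const uint8_t *buf, size_t len, int qos,
                               struct publish_vhdr *out)
{
    if (len < 2)
        return -1;
    uint16_t topic_len = be16(buf);
    if (topic_len >= MQTT_MAX_TOPIC_LENGTH)   /* check 1: destination bound */
        return -2;
    size_t need = 2u + topic_len + (qos > 0 ? 2u : 0u);
    if (need > len)                           /* check 2: source bound */
        return -3;
    memcpy(out->topic, buf + 2, topic_len);
    out->topic[topic_len] = '\0';
    out->topic_len = topic_len;
    out->packet_id = qos > 0 ? be16(buf + 2 + topic_len) : 0;
    return (int)need;
}

/* Constructed sample (not captured traffic): topic "a/b/c", QoS 1, packet id 42. */
static const uint8_t sample_ok[] = {
    0x00, 0x05, 'a', '/', 'b', '/', 'c', 0x00, 0x2a
};

/* Well-formed input: returns 9 (bytes consumed) only if every field decoded
 * as expected, otherwise a negative code. */
int demo_well_formed(void)
{
    struct publish_vhdr v;
    int n = parse_publish_vhdr_checked(sample_ok, sizeof sample_ok, 1, &v);
    if (n < 0)
        return n;
    if (v.topic_len != 5 || strcmp(v.topic, "a/b/c") != 0 || v.packet_id != 42)
        return -100;
    return n;
}

/* Topic length 256 (0x0100) followed by 256 filler bytes: the shape that
 * smashes the 64-byte buffer in the unchecked parser. The checked parser
 * rejects it with -2 before memcpy runs. */
int demo_oversized(void)
{
    uint8_t pkt[2 + 256];
    struct publish_vhdr v;
    pkt[0] = 0x01;
    pkt[1] = 0x00;
    memset(pkt + 2, 'A', 256);
    return parse_publish_vhdr_checked(pkt, sizeof pkt, 0, &v);
}

/* Topic length 10 but only 4 topic bytes present: fits the buffer, yet would
 * read past the end of the packet. Expected -3. */
int demo_truncated(void)
{
    static const uint8_t pkt[] = { 0x00, 0x0a, 'a', 'b', 'c', 'd' };
    struct publish_vhdr v;
    return parse_publish_vhdr_checked(pkt, sizeof pkt, 0, &v);
}

int main(void)
{
    printf("well-formed : %d\n", demo_well_formed());    /* 9 */
    printf("oversized   : %d\n", demo_oversized());      /* -2 */
    printf("truncated   : %d\n", demo_truncated());      /* -3 */
    return 0;
}
```

The second check matters as much as the first on a device like this: a length that fits the 64-byte buffer but exceeds the received packet turns memcpy into an out-of-bounds read, and since Contiki-NG runs the MQTT code in the same address space as the rest of the OS, either direction of the copy reaches memory the protocol handler has no business touching.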
CVSS Scores

CVSS v3 (base score 10.0, vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Attack Vector        Network
Attack Complexity    Low
Privileges Required  None
User Interaction     None
Scope                Changed
Confidentiality      High
Integrity            High
Availability         High

CVSS v2 (vector AV:N/AC:L/Au:N/C:C/I:C/A:C)
Attack Vector        Network
Attack Complexity    Low
Authentication       None
Confidentiality      Complete
Integrity            Complete
Availability         Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2018-11-21 CVE Reserved
  • 2018-11-21 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • 2024-09-30 EPSS Updated
  • Exploited in Wild: not recorded
  • KEV Due Date: not recorded
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor      Product     Version  Other  Status
Contiki-ng  Contiki-ng  < 4.2    -      Affected