CVE-2020-14934

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. If the number of variables in the request exceeds the allocated buffer, a memory write out of the buffer boundaries occurs. This write operation provides a possibility to overwrite other variables allocated in the .bss section by the application. Because the sender of the frame is in control of the content that will be written beyond the buffer limits, and there is no strict process memory separation, this issue may allow overwriting of sensitive memory areas of an IoT device.

Se detectaron desbordamientos del búfer en Contiki-NG versiones 4.4 hasta 4.5, en el agente SNMP. La función que analiza la petición SNMP recibida no verifica las variables solicitadas del mensaje de entrada contra la capacidad del búfer interno del motor SNMP. Si el número de variables en la petición supera el búfer asignado, se produce una escritura de la memoria fuera de los límites del búfer. Esta operación de escritura brinda la posibilidad de sobrescribir otras variables asignadas en la sección .bss por parte de la aplicación. Debido a que el remitente de la trama tiene el control del contenido que se escribirá más allá de los límites del búfer y no existe una separación estricta de la memoria del proceso, este problema puede permitir la sobrescritura de áreas de memoria confidencial de un dispositivo de IoT.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-06-21 CVE Reserved
2020-08-18 CVE Published
2024-07-25 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (2)

URL	Tag	Source
https://drive.google.com/file/d/1NIf0Y0S47Lu85uSi29kt9tgSh0jYZYfj/view?usp=sharing	Third Party Advisory

URL	Date	SRC
https://github.com/contiki-ng/contiki-ng/issues/1352	2024-08-04

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Contiki-ng Search vendor "Contiki-ng"		Contiki-ng Search vendor "Contiki-ng" for product "Contiki-ng"				>= 4.4 <= 4.5 Search vendor "Contiki-ng" for product "Contiki-ng" and version " >= 4.4 <= 4.5"		-		Affected