VYPR
High severity · 7.5 · NVD Advisory · Published May 28, 2017 · Updated May 13, 2026

CVE-2017-7295

Description

An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing function. This resulted in a board crash, which can be used to perform denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A use-after-free in Contiki OS 3.0's httpd-simple.c causes a NULL pointer dereference, leading to denial of service via board crash.

Vulnerability

A use-after-free vulnerability exists in httpd-simple.c within the cc26xx-web-demo HTTP server of Contiki Operating System 3.0 [1]. When a connection close event occurs, the http_state structure is not properly deallocated, leading to a NULL pointer dereference in the output processing function. This results in a board crash, enabling denial of service.

Exploitation

An attacker can trigger the vulnerability by establishing a network connection to the affected HTTP server and then closing the connection. No authentication or special privileges are required; the attacker only needs network access to the device running the vulnerable Contiki OS 3.0 software.

Impact

Successful exploitation causes a board crash, resulting in a denial of service (DoS). The vulnerability affects system availability; no data confidentiality or integrity impact is described.

Mitigation

No official fix or workaround was disclosed in the available reference [1]. The issue was reported to and acknowledged by a Contiki maintainer, but no patched version has been released. Users should monitor for updates from the Contiki project or consider disabling the HTTP server if not required.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • cpe:2.3:o:contiki-os:contiki:3.0:*:*:*:*:*:*:*
  • (no CPE) range: = 3.0

Patches

0

No patches discovered yet.

References

1
