VYPR

Contiki-NG

by Xwiki Contrib

CVEs (37)

  • CVE-2018-16666 · High · Sep 7, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string).

  • CVE-2018-16663 · High · Sep 7, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations).

  • CVE-2018-16667 · High · Sep 7, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union).

  • CVE-2018-16664 · High · Sep 7, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand).

  • CVE-2018-16665 · Medium · Sep 7, 2018
    risk 0.40 · cvss 6.1 · epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c.

  • CVE-2018-1000804 · Critical · Oct 8, 2018
    risk 0.01 · cvss 9.8 · epss 0.06

    Contiki-NG version 4 contains a buffer overflow vulnerability in the AQL (Antelope Query Language) database engine that can allow an attacker to perform remote code execution on a device using the Contiki-NG operating system. This attack appears to be exploitable via: attacker must be…

  • CVE-2023-29001 · Nov 27, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine…

  • CVE-2024-41125 · Nov 27, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG…

  • CVE-2024-41126 · Nov 27, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG…

  • CVE-2024-47181 · Nov 27, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and…

  • CVE-2023-50926 · Feb 14, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of…

  • CVE-2023-50927 · Feb 14, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control…

  • CVE-2023-48229 · Feb 14, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the…

  • CVE-2023-37459 · Sep 15, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify…

  • CVE-2023-37281 · Sep 15, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no…

  • CVE-2023-34101 · Jun 14, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an operating system for internet of things devices. In version 4.8 and prior, when processing ICMP DAO packets in the `dao_input_storing` function, the Contiki-NG OS does not verify that the packet buffer is big enough to contain the bytes it needs before accessing…

  • CVE-2023-34100 · Jun 9, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In…

  • CVE-2023-31129 · May 8, 2023
    risk 0.00 · cvss n/a · epss 0.01

    The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND…

  • CVE-2023-30546 · Apr 26, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the…

  • CVE-2023-28116 · Mar 17, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer…

Page 1 of 2