VYPR

Contiki Ng

by Xwiki Contrib

Source repositories

CVEs (37)

  • CVE-2023-23609Jan 25, 2023
    risk 0.00cvss epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation…

  • CVE-2022-41972Dec 16, 2022
    risk 0.00cvss epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can…

  • CVE-2022-41873Nov 11, 2022
    risk 0.00cvss epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to…

  • CVE-2022-36054Sep 1, 2022
    risk 0.00cvss epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet…

  • CVE-2022-36052Sep 1, 2022
    risk 0.00cvss epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to…

  • CVE-2022-36053Sep 1, 2022
    risk 0.00cvss epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing,…

  • CVE-2022-35927Aug 4, 2022
    risk 0.00cvss epss 0.02

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length…

  • CVE-2022-35926Aug 4, 2022
    risk 0.00cvss epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the…

  • CVE-2021-32771Aug 4, 2022
    risk 0.00cvss epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the…

  • CVE-2021-21410Jun 18, 2021
    risk 0.00cvss epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (uncompress_hdr_iphc)…

  • CVE-2021-21257Jun 18, 2021
    risk 0.00cvss epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header This makes it…

  • CVE-2021-21279Jun 18, 2021
    risk 0.00cvss epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In verions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of…

  • CVE-2021-21280Jun 18, 2021
    risk 0.00cvss epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written…

  • CVE-2021-21281Jun 18, 2021
    risk 0.00cvss epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a…

  • CVE-2021-21282Jun 18, 2021
    risk 0.00cvss epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been…

  • CVE-2018-20579Dec 28, 2018
    risk 0.00cvss epss 0.00

    Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character.

  • CVE-2018-19417Nov 21, 2018
    risk 0.00cvss epss 0.06

    An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH…

Page 2 of 2