VYPR

Contiki

by Contiki OS

Source repositories

CVEs (53)

  • CVE-2020-17440HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\0' termination. This results in errors when calculating the offset of the pointer that…

  • CVE-2020-13988HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.04

    An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.

  • CVE-2020-13986HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.

  • CVE-2020-13985HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.05

    An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.

  • CVE-2020-13984HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.

  • CVE-2017-7295HigMay 28, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the…

  • CVE-2018-16667HigSep 7, 2018
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union).

  • CVE-2018-16664HigSep 7, 2018
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand).

  • CVE-2018-16665MedSep 7, 2018
    risk 0.40cvss 6.1epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c.

  • CVE-2017-7296MedMay 28, 2017
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user…

  • CVE-2018-1000804CriOct 8, 2018
    risk 0.01cvss 9.8epss 0.06

    contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be…

  • CVE-2023-37459MedSep 15, 2023
    risk 0.00cvss 5.3epss 0.00

    Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify…

  • CVE-2023-37281MedSep 15, 2023
    risk 0.00cvss 5.3epss 0.00

    Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no…

  • CVE-2023-34101HigJun 14, 2023
    risk 0.00cvss 7.3epss 0.01

    Contiki-NG is an operating system for internet of things devices. In version 4.8 and prior, when processing ICMP DAO packets in the `dao_input_storing` function, the Contiki-NG OS does not verify that the packet buffer is big enough to contain the bytes it needs before accessing…

  • CVE-2023-34100HigJun 9, 2023
    risk 0.00cvss 7.3epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In…

  • CVE-2023-31129HigMay 8, 2023
    risk 0.00cvss 7.5epss 0.01

    The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND…

  • CVE-2023-30546CriApr 26, 2023
    risk 0.00cvss 9.8epss 0.01

    Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the…

  • CVE-2023-28116HigMar 17, 2023
    risk 0.00cvss 8.1epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer…

  • CVE-2023-23609HigJan 26, 2023
    risk 0.00cvss 8.2epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation…

  • CVE-2022-41972LowDec 16, 2022
    risk 0.00cvss 2.9epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can…