VYPR
Vendor

Contiki OS

Products
1
CVEs
53
Across products
53
Status
Private

Products

1

Recent CVEs

53
View all 53 CVEs →
  • CVE-2020-24336CriDec 11, 2020
    risk 0.68cvss 9.8epss 0.59

    An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn't verify whether the address in the answer's length is sane. Therefore, when copying an address of an arbitrary length, a buffer…

  • CVE-2020-25112CriDec 11, 2020
    risk 0.66cvss 9.8epss 0.27

    An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.

  • CVE-2020-25111CriDec 11, 2020
    risk 0.65cvss 9.8epss 0.20

    An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.

  • CVE-2020-17438CriDec 11, 2020
    risk 0.65cvss 9.8epss 0.19

    An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP…

  • CVE-2020-14936CriAug 18, 2020
    risk 0.64cvss 9.8epss 0.01

    Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid() may overwrite memory…

  • CVE-2020-14935CriAug 18, 2020
    risk 0.64cvss 9.8epss 0.03

    Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine…

  • CVE-2020-14934CriAug 18, 2020
    risk 0.64cvss 9.8epss 0.02

    Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. If the number of variables in the…

  • CVE-2020-27634CriOct 10, 2023
    risk 0.59cvss 9.1epss 0.02

    In Contiki 4.5, TCP ISNs are improperly random.

  • CVE-2020-14937CriAug 18, 2020
    risk 0.59cvss 9.1epss 0.01

    Memory access out of buffer boundaries issues was discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. The length of provided input/output buffers is insufficiently verified during the encoding and decoding of data. This may lead to out-of-bounds buffer…

  • CVE-2019-8359CriApr 23, 2020
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c.

  • CVE-2020-17439HigDec 11, 2020
    risk 0.54cvss 8.3epss 0.03

    An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata() in resolv.c. Also, arbitrary DNS replies are parsed if there was any…

  • CVE-2020-17437HigDec 11, 2020
    risk 0.54cvss 8.2epss 0.03

    An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the…

  • CVE-2018-16666HigSep 7, 2018
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string).

  • CVE-2018-16663HigSep 7, 2018
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations).

  • CVE-2021-40523HigSep 5, 2021
    risk 0.49cvss 7.5epss 0.01

    In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of exception condition, which leads to property…

  • CVE-2021-38387HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumption.

  • CVE-2021-38386HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names.

  • CVE-2021-38311HigAug 9, 2021
    risk 0.49cvss 7.5epss 0.01

    In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands, which may lead to infinite acknowledgment loops, denial of…

  • CVE-2021-21279HigJun 18, 2021
    risk 0.49cvss 7.5epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In verions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of…

  • CVE-2021-28362HigMar 24, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are…