VYPR

Vendor CVEs

Contiki OS

All CVEs

53 total · sorted by risk
  • CVE-2020-24336CriDec 11, 2020
    risk 0.68cvss 9.8epss 0.59

    An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn't verify whether the address in the answer's length is sane. Therefore, when copying an address of an arbitrary length, a buffer…

  • CVE-2020-25112CriDec 11, 2020
    risk 0.66cvss 9.8epss 0.27

    An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.

  • CVE-2020-25111CriDec 11, 2020
    risk 0.65cvss 9.8epss 0.20

    An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.

  • CVE-2020-17438CriDec 11, 2020
    risk 0.65cvss 9.8epss 0.19

    An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP…

  • CVE-2020-14936CriAug 18, 2020
    risk 0.64cvss 9.8epss 0.01

    Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid() may overwrite memory…

  • CVE-2020-14935CriAug 18, 2020
    risk 0.64cvss 9.8epss 0.03

    Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine…

  • CVE-2020-14934CriAug 18, 2020
    risk 0.64cvss 9.8epss 0.02

    Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. If the number of variables in the…

  • CVE-2020-27634CriOct 10, 2023
    risk 0.59cvss 9.1epss 0.02

    In Contiki 4.5, TCP ISNs are improperly random.

  • CVE-2020-14937CriAug 18, 2020
    risk 0.59cvss 9.1epss 0.01

    Memory access out of buffer boundaries issues was discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. The length of provided input/output buffers is insufficiently verified during the encoding and decoding of data. This may lead to out-of-bounds buffer…

  • CVE-2019-8359CriApr 23, 2020
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c.

  • CVE-2020-17439HigDec 11, 2020
    risk 0.54cvss 8.3epss 0.03

    An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata() in resolv.c. Also, arbitrary DNS replies are parsed if there was any…

  • CVE-2020-17437HigDec 11, 2020
    risk 0.54cvss 8.2epss 0.03

    An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the…

  • CVE-2018-16666HigSep 7, 2018
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string).

  • CVE-2018-16663HigSep 7, 2018
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations).

  • CVE-2021-40523HigSep 5, 2021
    risk 0.49cvss 7.5epss 0.01

    In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of exception condition, which leads to property…

  • CVE-2021-38387HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumption.

  • CVE-2021-38386HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names.

  • CVE-2021-38311HigAug 9, 2021
    risk 0.49cvss 7.5epss 0.01

    In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands, which may lead to infinite acknowledgment loops, denial of…

  • CVE-2021-21279HigJun 18, 2021
    risk 0.49cvss 7.5epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In verions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of…

  • CVE-2021-28362HigMar 24, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are…

  • CVE-2020-17440HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\0' termination. This results in errors when calculating the offset of the pointer that…

  • CVE-2020-13988HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.04

    An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.

  • CVE-2020-13986HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.

  • CVE-2020-13985HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.05

    An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.

  • CVE-2020-13984HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.

  • CVE-2017-7295HigMay 28, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the…

  • CVE-2018-16667HigSep 7, 2018
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union).

  • CVE-2018-16664HigSep 7, 2018
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand).

  • CVE-2018-16665MedSep 7, 2018
    risk 0.40cvss 6.1epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c.

  • CVE-2017-7296MedMay 28, 2017
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user…

  • CVE-2018-1000804CriOct 8, 2018
    risk 0.01cvss 9.8epss 0.06

    contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be…

  • CVE-2023-37459MedSep 15, 2023
    risk 0.00cvss 5.3epss 0.00

    Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify…

  • CVE-2023-37281MedSep 15, 2023
    risk 0.00cvss 5.3epss 0.00

    Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no…

  • CVE-2023-34101HigJun 14, 2023
    risk 0.00cvss 7.3epss 0.01

    Contiki-NG is an operating system for internet of things devices. In version 4.8 and prior, when processing ICMP DAO packets in the `dao_input_storing` function, the Contiki-NG OS does not verify that the packet buffer is big enough to contain the bytes it needs before accessing…

  • CVE-2023-34100HigJun 9, 2023
    risk 0.00cvss 7.3epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In…

  • CVE-2023-31129HigMay 8, 2023
    risk 0.00cvss 7.5epss 0.01

    The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND…

  • CVE-2023-30546CriApr 26, 2023
    risk 0.00cvss 9.8epss 0.01

    Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the…

  • CVE-2023-28116HigMar 17, 2023
    risk 0.00cvss 8.1epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer…

  • CVE-2023-23609HigJan 26, 2023
    risk 0.00cvss 8.2epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation…

  • CVE-2022-41972LowDec 16, 2022
    risk 0.00cvss 2.9epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can…

  • CVE-2022-41873MedNov 11, 2022
    risk 0.00cvss 4.2epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to…

  • CVE-2022-36054MedSep 1, 2022
    risk 0.00cvss 6.8epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet…

  • CVE-2022-36053MedSep 1, 2022
    risk 0.00cvss 5.9epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing,…

  • CVE-2022-36052MedSep 1, 2022
    risk 0.00cvss 5.9epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to…

  • CVE-2022-35927HigAug 4, 2022
    risk 0.00cvss 8.1epss 0.02

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length…

  • CVE-2022-35926MedAug 4, 2022
    risk 0.00cvss 5.9epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the…

  • CVE-2021-32771HigAug 4, 2022
    risk 0.00cvss 8.1epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the…

  • CVE-2021-21410HigJun 18, 2021
    risk 0.00cvss 8.2epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (uncompress_hdr_iphc)…

  • CVE-2021-21281HigJun 18, 2021
    risk 0.00cvss 7.0epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a…

  • CVE-2021-21280HigJun 18, 2021
    risk 0.00cvss 8.6epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written…

Page 1 of 2