Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
contiki-ng contiki-ng vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2018-19417
An issue exists in the MQTT server in Contiki-NG prior to 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2021-42144
Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtls_ccm_decrypt_message().
Contiki-ng Contiki-ng Tinydtls
9.8
CVSSv3
CVE-2021-42142
An issue exists in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote malicious users to cause a denial of service and false-positive packet drops.
Contiki-ng Tinydtls
9.8
CVSSv3
CVE-2021-42141
An issue exists in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.
Contiki-ng Tinydtls
9.8
CVSSv3
CVE-2023-31129
The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND p...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2023-28116
Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer (packet...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2022-35927
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length p...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2021-21280
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG before 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written heade...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2021-21281
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions before 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2021-21282
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions before 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been pa...
Contiki-ng Contiki-ng
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »