contiki-ng contiki-ng 4.5 vulnerabilities and exploits
9.1
CVSSv3
CVE-2020-27634
In Contiki 4.5, TCP ISNs are improperly random.
Contiki-ng Contiki-ng 4.5
9.8
CVSSv3
CVE-2021-21282
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions before 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been pa...
Contiki-ng Contiki-ng
9.1
CVSSv3
CVE-2020-14937
Memory access out of buffer boundaries issues exist in Contiki-NG 4.4 up to and including 4.5, in the SNMP BER encoder/decoder. The length of provided input/output buffers is insufficiently verified during the encoding and decoding of data. This may lead to out-of-bounds buffer ...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2020-14936
Buffer overflows were discovered in Contiki-NG 4.4 up to and including 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid() may overwrit...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2020-14934
Buffer overflows were discovered in Contiki-NG 4.4 up to and including 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. If the number of var...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2020-14935
Buffer overflows were discovered in Contiki-NG 4.4 up to and including 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SN...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2020-24336
An issue exists in Contiki up to and including 3.0 and Contiki-NG up to and including 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn't verify whether the address in the answer's length is sane. Therefore, when copying an address of an arbitra...
Contiki-ng Contiki-ng
Contiki-os Contiki