Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
contiki-ng contiki-ng vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-24336
An issue exists in Contiki up to and including 3.0 and Contiki-NG up to and including 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn't verify whether the address in the answer's length is sane. Therefore, when copying an address of an arbitra...
Contiki-ng Contiki-ng
Contiki-os Contiki
9.8
CVSSv3
CVE-2020-14934
Buffer overflows were discovered in Contiki-NG 4.4 up to and including 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. If the number of var...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2020-14935
Buffer overflows were discovered in Contiki-NG 4.4 up to and including 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SN...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2020-14936
Buffer overflows were discovered in Contiki-NG 4.4 up to and including 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid() may overwrit...
Contiki-ng Contiki-ng
9.8
CVSSv3
CVE-2019-8359
An issue exists in Contiki-NG up to and including 4.3 and Contiki up to and including 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c.
Contiki-ng Contiki-ng
Contiki-os Contiki
9.8
CVSSv3
CVE-2018-1000804
contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able...
Contiki-ng Contiki-ng 4.0
9.1
CVSSv3
CVE-2021-42147
Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote malicious users to cause a denial of service via crafted data packet.
Contiki-ng Tinydtls 2018-08-30
9.1
CVSSv3
CVE-2021-42143
An issue exists in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote malicious users to cause a denial of service by sending a malformed ClientHello handshake message with ...
Contiki-ng Tinydtls
9.1
CVSSv3
CVE-2020-27634
In Contiki 4.5, TCP ISNs are improperly random.
Contiki-ng Contiki-ng 4.5
9.1
CVSSv3
CVE-2023-34101
Contiki-NG is an operating system for internet of things devices. In version 4.8 and prior, when processing ICMP DAO packets in the `dao_input_storing` function, the Contiki-NG OS does not verify that the packet buffer is big enough to contain the bytes it needs before accessing ...
Contiki-ng Contiki-ng
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »