CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1000804

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0370%
EPSS Percentile7.57th
PublishedOct 8, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack).

Affected Platforms (CPE)

πŸ’»
Contiki Ng

Contiki Ng

= 4.0

References & Advisories

πŸ”— https://github.com/contiki-ng/contiki-ng/issues/594
πŸ”— https://github.com/contiki-ng/contiki-ng/pull/624
πŸ”— https://github.com/contiki-ng/contiki-ng/issues/594
πŸ”— https://github.com/contiki-ng/contiki-ng/pull/624

Related Vulnerabilities

CVE-2018-1941710.0

An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH me...

CVE-2020-149349.8

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request ...

CVE-2019-83599.8

An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section d...

CVE-2020-149359.8

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The funct...