CyberSec.Space Logo
Back to CVE Browser

CVE-2018-19417

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0850%
EPSS Percentile2.78th
PublishedNov 21, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible.

Affected Platforms (CPE)

📦
Contiki Ng

Contiki Ng

< 4.2

References & Advisories

🔗 https://github.com/contiki-ng/contiki-ng/issues/600
🔗 https://github.com/contiki-ng/contiki-ng/issues/600

Related Vulnerabilities

CVE-2020-149349.8

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request ...

CVE-2018-10008049.8

contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in ...

CVE-2019-83599.8

An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section d...

CVE-2020-149359.8

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The funct...