CyberSec.Space Logo
Back to CVE Browser

CVE-2019-8359

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0950%
EPSS Percentile12.08th
PublishedApr 23, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c.

Affected Platforms (CPE)

πŸ’»
Contiki Ng

Contiki Ng

<= 4.3
πŸ’»
Contiki Os

Contiki

<= 3.0

References & Advisories

πŸ”— https://github.com/contiki-ng/contiki-ng/pull/972
πŸ”— https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4
πŸ”— https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf
πŸ”— https://github.com/contiki-ng/contiki-ng/pull/972
πŸ”— https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4
πŸ”— https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf

Related Vulnerabilities

CVE-2018-1941710.0

An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH me...

CVE-2018-10008049.8

contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in ...

CVE-2020-149349.8

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request ...

CVE-2020-149359.8

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The funct...