CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-8359

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0950%
EPSS Percentile12.08th
Published2020年4月23日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c.

Affected Platforms (CPE)

💻
Contiki Ng

Contiki Ng

<= 4.3
💻
Contiki Os

Contiki

<= 3.0

References & Advisories

🔗 https://github.com/contiki-ng/contiki-ng/pull/972
🔗 https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4
🔗 https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf
🔗 https://github.com/contiki-ng/contiki-ng/pull/972
🔗 https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4
🔗 https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf

関連する脆弱性情報

CVE-2018-1941710.0

An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH me...

CVE-2018-10008049.8

contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in ...

CVE-2020-149349.8

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request ...

CVE-2020-149359.8

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The funct...