
13 matches found

BDU FSTEC
added 2021/03/15 12:0 a.m., 3 views

Vulnerability of the uip_reass() function (uip.c) in the Contiki OS, which allows a hacker to cause a service failure or execute arbitrary code.

The vulnerability of the uip_reass function in the Contiki OS’s uip.c file is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a remote attacker to cause service failures or execute arbitrary code using a specially crafted fragmented packet...

CVSS 10, AI score 8.4, EPSS 0.1854
Exploits: 0, References: 3, Affected Software: 2

ICS
added 2021/02/11 12:0 a.m., 122 views

Multiple Embedded TCP/IP Stacks (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Multiple Equipment: Nut/Net, CycloneTCP, NDKTCPIP, FNET, uIP-Contiki-OS, uC/TCP-IP, uIP-Contiki-NG, uIP, picoTCP-NG, picoTCP, MPLAB Net, Nucleus NET, Nucleus ReadyStart Vulnerabilities: Use of...

CVSS 9.8, AI score 8.4, EPSS 0.01716
Exploits: 1, References: 5

CNNVD
added 2020/12/08 12:0 a.m., 5 views

uIP-Contiki-OS buffer error vulnerability

Contiki is an open source, highly portable, networked multitasking operating system for memory-constrained systems. A denial of service and remote code execution vulnerability exists in the IPv6 stack in Contiki 3.0 and earlier versions. The vulnerability stems from inconsistent checking of the...

CVSS 9.8, AI score 7.9, EPSS 0.26827
Exploits: 0, References: 4

OSV
added 2020/12/01 12:0 a.m., 2 views

UBUNTU-CVE-2020-13987

An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c...

CVSS 7.5, AI score 6.6, EPSS 0.03194
Exploits: 0, References: 5

NVD
added 2017/05/28 12:29 a.m., 21 views

CVE-2017-7296

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

CVSS 6.1, AI score 6.3, EPSS 0.00761
Exploits: 0, References: 2

NVD
added 2017/05/28 12:29 a.m., 13 views

CVE-2017-7295

An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing...

CVSS 7.8, AI score 7.4, EPSS 0.01048
Exploits: 0, References: 1

Prion
added 2017/05/28 12:29 a.m., 15 views

Design/Logic Flaw

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

CVSS 4.3, AI score 6.2, EPSS 0.00761
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2017/05/28 12:29 a.m., 18 views

Null pointer dereference

An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing...

CVSS 7.8, AI score 7.4, EPSS 0.01048
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2017/05/28 12:0 a.m., 23 views

CVE-2017-7296

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

AI score 6.3, EPSS 0.00761
Exploits: 0, References: 2

Cvelist
added 2017/05/28 12:0 a.m., 15 views

CVE-2017-7295

An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing...

AI score 7.5, EPSS 0.01048
Exploits: 0, References: 1

CVE
added 2017/05/28 12:0 a.m., 49 views

CVE-2017-7296

The CVE concerns Contiki OS 3.0 with the cc26xx-web-demo’s MQTT/IBM Cloud Config page (mqtt.html). A Persistent XSS flaw arises from improper input sanitisation of text fields on that page, which processes HTTP POST requests and can inject JavaScript code remotely. Affected component: webserver o...

CVSS 6.1, AI score 6.2, EPSS 0.00761
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2017/05/28 12:0 a.m., 46 views

CVE-2017-7295

CVE-2017-7295 affects Contiki OS 3.0: use-after-free in httpd-simple.c within cc26xx-web-demo httpd. On connection close, http_state is not deallocated, causing a NULL pointer dereference in output processing and a board crash, i.e., denial of service. Connected docs confirm the vulnerability det...

CVSS 7.8, AI score 7.4, EPSS 0.01048
Exploits: 0, References: 1, Affected Software: 1

CERT
added 2014/11/03 12:0 a.m., 50 views

uIP and lwIP DNS resolver vulnerable to cache poisoning

Overview: The DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs (TXIDs) and source port reuse. Description: CWE-330: Use of Insufficiently Random Values - CVE-2014-4883. The DNS resolver implemented in all versions of uIP, as well as lwIP...

CVSS 4.3, AI score 6.6, EPSS 0.00572
Exploits: 0, References: 5