EUVD-2021-26654

Malware in sbrugna...

CVE-2023-37281 Out-of-bounds read during IPHC address decompression

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done...

CVE-2023-37281 Out-of-bounds read during IPHC address decompression

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done...

CVE-2023-24823 RIOT-OS vulnerable to Packet Type Confusion during IPHC send

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header...

CVE-2023-24823 RIOT-OS vulnerable to Packet Type Confusion during IPHC send

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header...

CVE-2023-24823 RIOT-OS vulnerable to Packet Type Confusion during IPHC send

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header...

CVE-2023-24822 RIOT-OS vulnerable to Null Pointer dereference during IPHC encoding

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. Th...

CVE-2023-24820 RIOT-OS vulnerable to Integer Underflow during IPHC receive

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault...

CVE-2023-24820 RIOT-OS vulnerable to Integer Underflow during IPHC receive

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault...

CVE-2023-24819 RIOT-OS vulnerable to Buffer Overflow during IPHC receive

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be us...

PT-2023-19804 · Riot-Os · Riot-Os

Name of the Vulnerable Software and Affected Versions: RIOT-OS versions prior to 2022.10 Description: RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device,...

Zephyr integer underflow vulnerability

Zephyr is a small real-time operating system for interconnected, resource-constrained embedded devices. an integer underflow vulnerability in 6LoWPAN IPHC header decompression in Zephyr 2.4.0 and later can be exploited by attackers to cause out-of-bounds access in the Pv6 parsing logic...

CVE-2021-3323

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions = =2.4.0 contain Integer Underflow Wrap or Wraparound CWE-191. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc...

Integer overflow

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions = =2.4.0 contain Integer Underflow Wrap or Wraparound CWE-191. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc...

CVE-2021-3323 Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions = =2.4.0 contain Integer Underflow Wrap or Wraparound CWE-191. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc...

CVE-2021-3323

CVE-2021-3323 relates to an integer underflow in Zephyr’s 6LoWPAN IPHC header uncompression. Affected product: Zephyr RTOS (embedded, resource-constrained devices). Vulnerable component: 6LoWPAN IPHC header decompression logic. Root cause: integer underflow/wraparound (CWE-191) during IPHC proces...

Security update for the Linux Kernel (important)

The openSUSE Leap 42.3 kernel was updated to 4.4.162 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18281: The mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a...