EUVD-2021-26654

Malware in sbrugna...

CVE-2023-37281 Out-of-bounds read during IPHC address decompression

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done...

CVE-2023-37281 Out-of-bounds read during IPHC address decompression

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done...

CVE-2023-24823 RIOT-OS vulnerable to Packet Type Confusion during IPHC send

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header...

CVE-2023-24823 RIOT-OS vulnerable to Packet Type Confusion during IPHC send

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header...

CVE-2023-24823 RIOT-OS vulnerable to Packet Type Confusion during IPHC send

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header...

CVE-2023-24822 RIOT-OS vulnerable to Null Pointer dereference during IPHC encoding

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. Th...

CVE-2023-24820 RIOT-OS vulnerable to Integer Underflow during IPHC receive

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault...

CVE-2023-24820 RIOT-OS vulnerable to Integer Underflow during IPHC receive

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault...

CVE-2023-24819 RIOT-OS vulnerable to Buffer Overflow during IPHC receive

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be us...

PT-2023-19804 · Riot-Os · Riot-Os

Name of the Vulnerable Software and Affected Versions: RIOT-OS versions prior to 2022.10 Description: RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device,...

Zephyr integer underflow vulnerability

Zephyr is a small real-time operating system for interconnected, resource-constrained embedded devices. an integer underflow vulnerability in 6LoWPAN IPHC header decompression in Zephyr 2.4.0 and later can be exploited by attackers to cause out-of-bounds access in the Pv6 parsing logic...

CVE-2021-3323

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions = =2.4.0 contain Integer Underflow Wrap or Wraparound CWE-191. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc...

Integer overflow

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions = =2.4.0 contain Integer Underflow Wrap or Wraparound CWE-191. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc...

CVE-2021-3323

CVE-2021-3323 relates to an integer underflow in Zephyr’s 6LoWPAN IPHC header uncompression. Affected product: Zephyr RTOS (embedded, resource-constrained devices). Vulnerable component: 6LoWPAN IPHC header decompression logic. Root cause: integer underflow/wraparound (CWE-191) during IPHC proces...

CVE-2021-3323 Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions = =2.4.0 contain Integer Underflow Wrap or Wraparound CWE-191. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc...

Security update for the Linux Kernel (important)

The openSUSE Leap 42.3 kernel was updated to 4.4.162 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18281: The mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a...