78 matches found
CVE-2023-29001 Uncontrolled recursion due to insufficient validation of the IPv6 source routing header in Contiki-NG
Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers SRH in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming...
CVE-2023-29001 Uncontrolled recursion due to insufficient validation of the IPv6 source routing header in Contiki-NG
Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers SRH in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming...
CVE-2023-29001
CVE-2023-29001 affects Contiki-NG. The IPv6 SRH processing in Contiki-NG’s two RPL implementations can cause an uncontrolled recursion in the function tcpip_ipv6_output when a packet with a local next-hop address is received, potentially triggering a stack overflow. Exploitation requires attacker...
CVE-2023-29001 Uncontrolled recursion due to insufficient validation of the IPv6 source routing header in Contiki-NG
Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers SRH in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming...
PT-2024-12187 · Unknown · Contiki-Ng
Name of the Vulnerable Software and Affected Versions: Contiki-NG affected versions not specified Description: The Contiki-NG operating system has an issue with its IPv6 implementation, specifically in the processing of source routing headers SRH in its two alternative RPL protocol implementation...
kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref
A use-after-free flaw was found in the Linux kernel’s IPv6 protocol functionality. This flaw allows a local user to potentially crash the system...
PT-2023-19798 · Riot-Os · Riot-Os
Name of the Vulnerable Software and Affected Versions: RIOT-OS versions prior to 2023.04 Description: The issue affects the network stack of RIOT-OS, specifically in the processing of 6LoWPAN frames. An attacker can send a crafted frame, resulting in an integer underflow and out of bounds access ...
Contiki-NG buffer overflow vulnerability (CNVD-2021-44268)
Contiki-NG is an open source cross-platform operating system for next-generation IoT devices. A buffer overflow vulnerability exists in the RPL source routing header processing in Contiki-NG versions prior to 4.5. An attacker could exploit this vulnerability to cause a denial of service...
Contiki-NG out-of-bounds write vulnerability (CNVD-2021-44269)
Contiki-NG is an open source cross-platform operating system for next-generation IoT devices. An out-of-bounds write vulnerability exists in the rplextheadersrhupdate function in rpl-ext-header.c in the RPL-Classic and RPL-Lite implementations of Contiki-NG prior to version 4.6. The vulnerability...
CVE-2021-21257
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header This makes it possible for an...
CVE-2021-21257
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header This makes it possible for an...
CVE-2021-21282
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG...
CVE-2021-21282
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG...
Buffer overflow
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG...
CVE-2021-21282 Buffer overflow in RPL source routing header processing
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG...
Contiki-NG 安全漏洞
Contiki-NG is an open source cross-platform operating system for next-generation IoT devices. A buffer overflow vulnerability exists in the RPL source routing header processing in Contiki-NG versions prior to 4.5. An attacker could exploit this vulnerability to cause a denial of service...
Contiki-NG 缓冲区错误漏洞
Contiki-NG is an open source cross-platform operating system for next-generation IoT devices. An out-of-bounds write vulnerability exists in the rplextheadersrhupdate function in rpl-ext-header.c in the RPL-Classic and RPL-Lite implementations of Contiki-NG prior to version 4.6. The vulnerability...
Microsoft Windows TCP/IP 安全漏洞
The Microsoft Windows operating system is a set of operating systems developed by Microsoft Corporation in the United States. A remote code execution vulnerability exists in Microsoft Windows TCP/IP, which can be triggered by constructing special IP source routing packets, and an attacker who...
Linux: Accept source routed packets
Source Routing enables a sender of a packet to specify the route the packet takes in a network. If source routed packages are accepted, an attacker could reach the system even if the private addresses are not routable from the internet. This script tests whether the Linux host is configured to...
Microsoft Windows: MSS: IP source routing protection level
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winmlipsourcerouting.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for MSS: DisableIPSourceRouting IP source routing protection level protects against packet spoofing Authors: Emanuel Moss Copyright: Copyright c 2018...