Contiki-ng Security Vulnerabilities and Issues — Contiki-ng CVE List

Lucene search

Contiki-ngContiki-ng

9 matches found

CVE•added 2021/06/18 9:15 p.m.•70 views

CVE-2021-21257

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header This makes it possible for an atta...

8.2CVSS7.7AI score0.00334EPSS

CVE•added 2022/09/01 12:15 p.m.•55 views

CVE-2022-36053

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_ge...

8.8CVSS7.2AI score0.00101EPSS

CVE•added 2022/09/01 12:15 p.m.•54 views

CVE-2022-36054

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a ...

8.8CVSS7.7AI score0.0012EPSS

CVE•added 2022/09/01 12:15 p.m.•50 views

CVE-2022-36052

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header ...

8.8CVSS7.3AI score0.0012EPSS

CVE•added 2024/11/27 7:15 p.m.•50 views

CVE-2023-29001

Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming pac...

8.7CVSS6.9AI score0.00077EPSS

CVE•added 2022/08/04 9:15 p.m.•49 views

CVE-2021-32771

Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have j...

8.1CVSS8.2AI score0.00694EPSS

CVE•added 2023/01/26 9:18 p.m.•44 views

CVE-2023-23609

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation Layer Protocol (BLE-L2CA...

8.2CVSS7.7AI score0.00065EPSS

CVE•added 2024/02/14 8:15 p.m.•33 views

CVE-2023-50927

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for D...

8.6CVSS8.5AI score0.00319EPSS

CVE•added 2021/12/07 7:15 p.m.•27 views

CVE-2020-12140

A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames.

8.8CVSS9AI score0.0011EPSS