Contiki Security Vulnerabilities and Issues — Contiki CVE List

Lucene search

Contiki-osContiki

10 matches found

CVE•added 2020/12/11 10:15 p.m.•55 views

CVE-2020-13985

An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.

7.5CVSS8.1AI score0.00548EPSS

CVE•added 2020/12/11 10:15 p.m.•50 views

CVE-2020-13986

An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.

7.5CVSS7.9AI score0.0032EPSS

CVE•added 2020/12/11 10:15 p.m.•49 views

CVE-2020-13984

An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.

7.5CVSS7.9AI score0.00447EPSS

CVE•added 2021/03/24 2:15 p.m.•49 views

CVE-2021-28362

An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect...

7.5CVSS8.1AI score0.0035EPSS

CVE•added 2021/08/09 10:15 p.m.•45 views

CVE-2021-38311

In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands, which may lead to infinite acknowledgment loops, denial of service, and excessive ...

7.5CVSS7.5AI score0.0028EPSS

CVE•added 2021/08/10 7:15 p.m.•38 views

CVE-2021-38386

In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names.

7.5CVSS7.7AI score0.00601EPSS

CVE•added 2017/05/28 12:29 a.m.•33 views

CVE-2017-7295

An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing fun...

7.8CVSS7.4AI score0.00348EPSS

CVE•added 2021/09/05 7:15 p.m.•33 views

CVE-2021-40523

In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of exception condition, which leads to property violations and denial of ser...

7.5CVSS7.8AI score0.00334EPSS

CVE•added 2020/04/23 3:15 p.m.•31 views

CVE-2019-9183

An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the applicatio...

7.5CVSS7.5AI score0.00585EPSS

CVE•added 2021/08/10 7:15 p.m.•30 views

CVE-2021-38387

In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumption.

7.5CVSS7.4AI score0.00334EPSS