PT-2020-11255 · Contiki · Contiki-Ng+1

Tobias Scharnowski

Published

2020-04-23

Updated

2020-05-01

CVE-2019-8359

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Contiki-NG versions 4.3 and earlier Contiki versions 3.0 and earlier

Description An issue is present in the data section during 6LoWPAN fragment re-assembly due to forged fragment offsets in os/net/ipv6/sicslowpan.c, resulting in an out of bounds write.

Recommendations For Contiki-NG versions 4.3 and earlier, consider updating to a version that addresses the out of bounds write issue in os/net/ipv6/sicslowpan.c. For Contiki versions 3.0 and earlier, consider updating to a version that addresses the out of bounds write issue in os/net/ipv6/sicslowpan.c. As a temporary workaround, consider restricting the use of the sicslowpan.c module until a patch is available.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2019-8359

Affected Products

Contiki

Contiki-Ng

PT-2020-11255 · Contiki · Contiki-Ng+1

CVE-2019-8359

Weakness Enumeration

Related Identifiers

Affected Products

References · 6