CVE-2020-14937

Name of the Vulnerable Software and Affected Versions Contiki-NG versions 4.4 through 4.5

Description A memory access issue was discovered in the SNMP BER encoder/decoder, where the length of provided input/output buffers is insufficiently verified during encoding and decoding of data. This may lead to out-of-bounds buffer read or write access in BER decoding and encoding functions.

Recommendations For Contiki-NG versions 4.4 through 4.5, as a temporary workaround, consider restricting the use of the SNMP BER encoder/decoder until a patch is available. Avoid using the affected functions for encoding and decoding data until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.