PT-2020-15953 · Contiki · Contiki

Published

2020-12-11

Updated

2020-12-15

CVE-2020-25111

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Contiki versions through 3.0

Description An issue in the IPv6 stack of Contiki leads to an insufficient check for the IPv6 header length. This results in Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.

Recommendations For Contiki versions through 3.0, update to a version that includes a fix for the insufficient IPv6 header length check to prevent Denial-of-Service and potential Remote Code Execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2020-25111

Affected Products

Contiki

PT-2020-15953 · Contiki · Contiki

CVE-2020-25111

Weakness Enumeration

Related Identifiers

Affected Products

References · 10