CVE-2019-9183

Published: Apr 23, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the application. An attacker can cause a denial-of-service via a crafted 6LoWPAN frame.

Affected (2)

Products: Contiki Ng: Contiki Ng · Contiki Os: Contiki

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Contiki Ng Contiki Ng	Up to 4.3
Contiki Os Contiki	Up to 3.0

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

https://github.com/contiki-ng/contiki-ng/pull/972

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4

Source: cve@mitre.org

Release NotesThird Party Advisory

https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

https://github.com/contiki-ng/contiki-ng/pull/972

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

Timeline

No history available yet.