Out-of-bounds Read Vulnerability in Contiki-NG SNMP Stack
CVE-2020-12141

9.1CRITICAL

Key Information:

Vendor

Contiki-ng

Status
Contiki-ng
Vendor
CVE Published:
19 October 2021

What is CVE-2020-12141?

An out-of-bounds read vulnerability exists in the SNMP stack of Contiki-NG versions 4.4 and earlier. This flaw enables attackers to send specially crafted SNMP packets to the decoding function, potentially leading to denial of service events and the unauthorized disclosure of sensitive information. Users of Contiki-NG should take immediate steps to assess their exposure and apply necessary measures to mitigate this risk.

References

https://twitter.com/ScepticCtf
x_refsource_MISC
https://github.com/contiki-ng/contiki-ng/commit/12c824386...
x_refsource_MISC
https://github.com/contiki-ng/contiki-ng/pull/1355
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.