- Description
- Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-ber.c module, where the function snmp_ber_decode_string_len_buffer decodes the string length from a received SNMP packet. In one place, one byte is read from the buffer, without checking that the buffer has another byte available, leading to a possible out-of-bounds read. The problem has been patched in Contiki-NG pull request #2936. It will be included in the next release of Contiki-NG. Users are advised to apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 8.3
- Impact score
- 6
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-125
- Hype score
- Not currently trending
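The description above attributes the bug to reading a length byte from the SNMP buffer without first checking that another byte is available. The following is an added example of a bounds-checked BER length decoder illustrating that class of check; it is not Contiki-NG's code or the patch from pull request #2936, and the names `ber_decode_length` and `ber_string_fits` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper, not Contiki-NG's snmp_ber_decode_string_len_buffer.
 * Decodes a BER definite-form length from buf[0..buf_len).
 * Returns 0 and sets *length / *consumed, or -1 on truncated or bad input. */
int
ber_decode_length(const uint8_t *buf, size_t buf_len,
                  uint32_t *length, size_t *consumed)
{
  size_t n, i;
  uint32_t value = 0;

  if(buf == NULL || buf_len == 0) {
    return -1;                      /* no byte left for the first octet */
  }
  if((buf[0] & 0x80) == 0) {        /* short form: length is this octet */
    *length = buf[0];
    *consumed = 1;
    return 0;
  }
  n = buf[0] & 0x7F;                /* long form: n length octets follow */
  if(n == 0 || n > sizeof(value)) {
    return -1;                      /* indefinite form or too wide */
  }
  if(buf_len - 1 < n) {
    return -1;                      /* octets missing: reading on is CWE-125 */
  }
  for(i = 0; i < n; i++) {
    value = (value << 8) | buf[1 + i];
  }
  *length = value;
  *consumed = 1 + n;
  return 0;
}

/* Returns 1 only if the length decodes and the string body fits as well. */
int
ber_string_fits(const uint8_t *buf, size_t buf_len)
{
  uint32_t len;
  size_t used;

  if(ber_decode_length(buf, buf_len, &len, &used) != 0) {
    return 0;
  }
  return len <= buf_len - used;
}
```

Every read of `buf[k]` is preceded by a comparison against `buf_len`, so a packet that ends immediately after the length prefix is rejected instead of being read past its end.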
Contiki-NG vulnerabilities including CVE-2024-41125 fixed: possible device crash / malicious code execution https://t.co/xDDrYNROMw The Contiki-NG vulnerabilities have reportedly been fixed. When I googled this term, MONOIST… https://t.co/XPz1AyZHuw
@iototsecnews
9 Dec 2024
[CVE-2024-41125: HIGH] Vulnerability in Contiki-NG operating system allows out-of-bounds read with SNMP enabled. Apply patch in PR #2936 or disable SNMP module to mitigate risk. #CyberSecurity #cybersecurity, #vulnerability https://t.co/HMj3hWpjzA https://t.co/5mQyzqM3rL
@CveFindCom
27 Nov 2024
CVE-2024-41125 Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device runn… https://t.co/sNkmIXE4Hc
@CVEnew
27 Nov 2024