Description

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-ber.c module, where the function snmp_ber_decode_string_len_buffer decodes the string length from a received SNMP packet. In one place, one byte is read from the buffer, without checking that the buffer has another byte available, leading to a possible out-of-bounds read. The problem has been patched in Contiki-NG pull request #2936. It will be included in the next release of Contiki-NG. Users are advised to apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration.

INFO

Published Date :

2024-11-27T18:20:45.613Z

Last Modified :

2024-11-27T19:22:42.056Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-41125 vulnerability.

Vendors Products
Contiki-ng
  • Contiki-ng
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-41125.

URL Resource
https://github.com/contiki-ng/contiki-ng/pull/2936 cve-icon cve-icon
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qjj3-gqx7-438w cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact