Description

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-message.c module, where the snmp_message_decode function fails to check the boundary of the message buffer when reading a byte from it immediately after decoding an object identifier (OID). The problem has been patched in Contiki-NG pull request 2937. It will be included in the next release of Contiki-NG. Users are advised to either apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration.

INFO

Published Date :

2024-11-27T18:20:43.701Z

Last Modified :

2024-11-27T19:22:41.923Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-41126 vulnerability.

Vendors Products
Contiki-ng
  • Contiki-ng
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-41126.

URL Resource
https://github.com/contiki-ng/contiki-ng/pull/2937 cve-icon cve-icon
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-444j-93j3-5gj4 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact