Writeup Exploits

63,078 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-12140 WRITEUP HIGH
Contiki-NG < 4.4 - Remote Code Execution via Malicious L2CAP Frames
A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames.
CVSS 8.8
CVE-2019-9183 WRITEUP HIGH
Contiki-NG < 4.3 and Contiki < 3.0 - Denial of Service via 6LoWPAN Fragment Processing Integer Underflow
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the application. An attacker can cause a denial-of-service via a crafted 6LoWPAN frame.
CVSS 7.5
CVE-2019-9183 WRITEUP HIGH
Contiki-NG < 4.3 and Contiki < 3.0 - Denial of Service via 6LoWPAN Fragment Processing Integer Underflow
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the application. An attacker can cause a denial-of-service via a crafted 6LoWPAN frame.
CVSS 7.5
CVE-2019-8359 WRITEUP CRITICAL
Contiki-NG < 4.3 and Contiki < 3.0 - Out-of-bounds Write in 6LoWPAN Fragment Re-assembly
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c.
CVSS 9.8
CVE-2019-8359 WRITEUP CRITICAL
Contiki-NG < 4.3 and Contiki < 3.0 - Out-of-bounds Write in 6LoWPAN Fragment Re-assembly
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c.
CVSS 9.8
CVE-2018-20579 WRITEUP HIGH
Contiki-NG < 4.2 - Stack-Based Buffer Overflow in JSON Parser
Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character.
CVSS 7.1
CVE-2018-19417 WRITEUP CRITICAL
contiki-ng < 4.2 - Remote Code Execution via MQTT PUBLISH Message Buffer Overflow
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible.
CVSS 10.0
CVE-2018-16667 WRITEUP HIGH
Contiki-NG < 4.1 - Out-of-bounds Read in AQL Parser
An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union).
CVSS 7.0
CVE-2018-16666 WRITEUP HIGH
contiki-ng < 4.1 - Stack-based Buffer Overflow in AQL Lexer String Parsing
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string).
CVSS 7.8
CVE-2018-16665 WRITEUP MEDIUM
Contiki-NG < 4.1 - Buffer Overflow in AQL Parser
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c.
CVSS 6.1
CVE-2018-16664 WRITEUP HIGH
contiki-ng < 4.1 - Buffer Overflow in lvm_set_type via AQL Parsing
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand).
CVSS 7.0
CVE-2018-16663 WRITEUP HIGH
contiki-ng < 4.1 - Stack-based Buffer Overflow in AQL Parser
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations).
CVSS 7.8
CVE-2018-1000804 WRITEUP CRITICAL
contiki-ng 4 - Buffer Overflow in AQL Database Engine
contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack).
CVSS 9.8
CVE-2018-1000804 WRITEUP CRITICAL
contiki-ng 4 - Buffer Overflow in AQL Database Engine
contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack).
CVSS 9.8
CVE-2021-40523 WRITEUP HIGH
Contiki 3.0 - Denial of Service via Telnet Option Negotiation Buffer Exhaustion
In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of exception condition, which leads to property violations and denial of service. Specifically, a server sometimes sends no response, because a fixed buffer space is available for all responses and that space may have been exhausted.
CVSS 7.5
CVE-2021-38387 WRITEUP HIGH
Contiki 3.0 - Denial of Service via Telnet Server Disconnection
In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumption.
CVSS 7.5
CVE-2021-38386 WRITEUP HIGH
Contiki 3.0 - Denial of Service via Telnet Service ls Command
In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names.
CVSS 7.5
CVE-2021-38311 WRITEUP HIGH
Contiki 3.0 - Denial of Service via Telnet Option Negotiation Loop
In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands, which may lead to infinite acknowledgment loops, denial of service, and excessive CPU consumption.
CVSS 7.5
CVE-2021-28362 WRITEUP HIGH
Contiki < 3.0 - Denial of Service via ICMPv6 Error Message with Invalid Extension Header
An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. This is related to rpl-ext-header.c.
CVSS 7.5
CVE-2020-24335 WRITEUP HIGH
uip < 1.0 - Out-of-bounds Read via DNS Packet Parsing
An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.
CVSS 7.5
CVE-2020-24370 WRITEUP MEDIUM
Lua 5.4.0 - Integer Underflow via getlocal/setlocal Debug Interface
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
CVSS 5.3
CVE-2020-24572 WRITEUP HIGH
RaspAP 2.5 - Authenticated OS Command Injection via Web Console
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code).
CVSS 8.8
CVE-2020-24750 WRITEUP HIGH
jackson-databind 2.0.0-2.9.10.5 - Deserialization of Untrusted Data via JndiConfiguration
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CVSS 8.1
CVE-2020-24769 WRITEUP CRITICAL
NexusPHP 1.5 - SQL Injection via takeconfirm.php classes Parameter
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.
CVSS 9.8
CVE-2020-24770 WRITEUP CRITICAL
NexusPHP 1.5 - SQL Injection via modrules.php id Parameter
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS 9.8