CVE-2020-12140

HIGH

Contiki-ng < 4.4 - Buffer Overflow

Title source: rule
STIX 2.1

Description

A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://twitter.com/ScepticCtf
Patch, Third Party Advisory x_refsource_misc
https://github.com/contiki-ng/contiki-ng/pull/1662

Scores

CVSS v3 8.8
EPSS 0.0011
EPSS Percentile 28.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (1)
contiki-ng/contiki-ng < 4.4
Published Dec 07, 2021
Tracked Since Feb 18, 2026