CVE-2020-13985

HIGH

Contiki < 3.0 - Integer Overflow

Title source: rule

Description

An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.

References (2)

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/815128

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01

Scores

CVSS v3 7.5

EPSS 0.0055

EPSS Percentile 68.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-190 CWE-681 CWE-787

Status published

Products (1)

contiki-os/contiki < 3.0

Published Dec 11, 2020

Tracked Since Feb 18, 2026