Sign-up

ID

VAR-202004-0705


CVE

CVE-2019-8359


TITLE

Contiki-NG and Contiki Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015536

DESCRIPTION

An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c. Contiki-NG and Contiki Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Contiki is an open source cross-platform operating system for IoT (Internet of Things) devices. Contiki-NG is an open source cross-platform operating system for next-generation IoT (Internet of Things) devices. There is a buffer error vulnerability in Contiki-NG 4.3 and earlier and Contiki 3.0 and earlier. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow

Trust: 2.7

sources: NVD: CVE-2019-8359 // JVNDB: JVNDB-2019-015536 // CNVD: CNVD-2020-31602 // CNNVD: CNNVD-202004-1972

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-31602

AFFECTED PRODUCTS

vendor:contiki ngmodel:contiki-ngscope:lteversion:4.3

Trust: 1.0

vendor:contiki osmodel:contikiscope:lteversion:3.0

Trust: 1.0

vendor:contiki ngmodel:contikiscope:eqversion:3.0

Trust: 0.8

vendor:contiki ngmodel:contiki-ngscope:eqversion:4.3

Trust: 0.8

vendor:contiki ngmodel:contiki-ngscope:lteversion:<=4.3

Trust: 0.6

vendor:contikimodel:contikiscope:lteversion:<=3.0

Trust: 0.6

sources: CNVD: CNVD-2020-31602 // JVNDB: JVNDB-2019-015536 // NVD: CVE-2019-8359

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8359
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-015536
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-31602
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-1972
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-8359
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015536
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-31602
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-8359
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015536
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-31602 // JVNDB: JVNDB-2019-015536 // CNNVD: CNNVD-202004-1972 // NVD: CVE-2019-8359

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2019-015536 // NVD: CVE-2019-8359

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1972

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1972

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015536

PATCH
title:Version 4.4url:https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4
Trust: 0.8
title:sicslowpan vulnerability fixes #972url:https://github.com/contiki-ng/contiki-ng/pull/972
Trust: 0.8
title:Patch for Contiki and Contiki-NG buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/220319
Trust: 0.6
title:Contiki  and Contiki-NG Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117258
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31602 // 
            
            
            
            JVNDB: JVNDB-2019-015536 // 
            
            
            
            CNNVD: CNNVD-202004-1972

EXTERNAL IDS
db:NVDid:CVE-2019-8359
Trust: 3.0
db:JVNDBid:JVNDB-2019-015536
Trust: 0.8
db:CNVDid:CNVD-2020-31602
Trust: 0.6
db:CNNVDid:CNNVD-202004-1972
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31602 // 
            
            
            
            JVNDB: JVNDB-2019-015536 // 
            
            
            
            CNNVD: CNNVD-202004-1972 // 
            
            
            
            NVD: CVE-2019-8359

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-8359
Trust: 2.0
url:https://github.com/contiki-ng/contiki-ng/releases/tag/release%2fv4.4
Trust: 1.6
url:https://github.com/contiki-ng/contiki-ng/pull/972
Trust: 1.6
url:https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8359
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-31602 // 
            
            
            
            JVNDB: JVNDB-2019-015536 // 
            
            
            
            CNNVD: CNNVD-202004-1972 // 
            
            
            
            NVD: CVE-2019-8359

SOURCES
db:CNVDid:CNVD-2020-31602
db:JVNDBid:JVNDB-2019-015536
db:CNNVDid:CNNVD-202004-1972
db:NVDid:CVE-2019-8359

LAST UPDATE DATE
2024-11-23T21:51:35.277000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-31602date:2020-06-04T00:00:00
db:JVNDBid:JVNDB-2019-015536date:2020-06-03T00:00:00
db:CNNVDid:CNNVD-202004-1972date:2020-05-06T00:00:00
db:NVDid:CVE-2019-8359date:2024-11-21T04:49:45.360

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-31602date:2020-06-04T00:00:00
db:JVNDBid:JVNDB-2019-015536date:2020-06-03T00:00:00
db:CNNVDid:CNNVD-202004-1972date:2020-04-23T00:00:00
db:NVDid:CVE-2019-8359date:2020-04-23T15:15:13.903