ID

VAR-202008-0624


CVE

CVE-2020-14935


TITLE

Contiki-NG Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009999

DESCRIPTION

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. When a bulk get request response is assembled, a stack buffer dedicated to OIDs (with a limited capacity) is allocated in snmp_engine_get_bulk(). When snmp_engine_get_bulk() is populating the stack buffer, an overflow condition may occur due to lack of input length validation. This makes it possible to overwrite stack regions beyond the allocated buffer, including the return address from the function. As a result, the code execution path may be redirected to an address provided in the SNMP bulk get payload. If the target architecture uses common addressing space for program and data memory, it may also be possible to supply code in the SNMP request payload, and redirect the execution path to the remotely injected code, by modifying the function's return address. Contiki-NG is vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Contiki-NG is an open source cross-platform operating system for next-generation IoT (Internet of Things) devices. Contiki-NG version 4.4 to version 4.5 has a buffer error vulnerability. The vulnerability stems from the fact that when the network system or product performs operations on memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.7

sources: NVD: CVE-2020-14935 // JVNDB: JVNDB-2020-009999 // CNVD: CNVD-2020-49537 // CNNVD: CNNVD-202008-931

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-49537

AFFECTED PRODUCTS

vendor: contiki ng
model: contiki-ng
scope: gte
version: 4.0

Trust: 1.0

vendor: contiki ng
model: contiki-ng
scope: lte
version: 4.5

Trust: 1.0

vendor: contiki ng
model: contiki-ng
scope: eq
version: 4.4 to 4.5

Trust: 0.8

vendor: contiki ng
model: contiki-ng
scope: gte
version: 4.4,<=4.5

Trust: 0.6

sources: CNVD: CNVD-2020-49537 // JVNDB: JVNDB-2020-009999 // NVD: CVE-2020-14935

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14935
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-009999
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-49537
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202008-931
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-14935
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009999
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-49537
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-14935
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009999
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-49537 // JVNDB: JVNDB-2020-009999 // CNNVD: CNNVD-202008-931 // NVD: CVE-2020-14935

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2020-009999 // NVD: CVE-2020-14935

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-931

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202008-931

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009999

PATCH

title: Stack overflow in SNMP bulk request processing #1353
url: https://github.com/contiki-ng/contiki-ng/issues/1353

Trust: 0.8

title: Patch for Contiki-NG buffer overflow vulnerability (CNVD-2020-49537)
url: https://www.cnvd.org.cn/patchInfo/show/231829

Trust: 0.6

title: Contiki-NG Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126573

Trust: 0.6

sources: CNVD: CNVD-2020-49537 // JVNDB: JVNDB-2020-009999 // CNNVD: CNNVD-202008-931

EXTERNAL IDS

db: NVD
id: CVE-2020-14935

Trust: 3.0

db: JVNDB
id: JVNDB-2020-009999

Trust: 0.8

db: CNVD
id: CNVD-2020-49537

Trust: 0.6

db: CNNVD
id: CNNVD-202008-931

Trust: 0.6

sources: CNVD: CNVD-2020-49537 // JVNDB: JVNDB-2020-009999 // CNNVD: CNNVD-202008-931 // NVD: CVE-2020-14935

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-14935

Trust: 2.0

url:https://github.com/contiki-ng/contiki-ng/issues/1353

Trust: 1.6

url:https://drive.google.com/file/d/1qp3zxafrir_imwg0lubi7-d-hit268eb/view?usp=sharing

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14935

Trust: 0.8

sources: CNVD: CNVD-2020-49537 // JVNDB: JVNDB-2020-009999 // CNNVD: CNNVD-202008-931 // NVD: CVE-2020-14935

SOURCES

db: CNVD, id: CNVD-2020-49537
db: JVNDB, id: JVNDB-2020-009999
db: CNNVD, id: CNNVD-202008-931
db: NVD, id: CVE-2020-14935

LAST UPDATE DATE

2024-11-23T22:55:05.606000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-49537, date: 2020-08-31T00:00:00
db: JVNDB, id: JVNDB-2020-009999, date: 2020-12-16T07:14:17
db: CNNVD, id: CNNVD-202008-931, date: 2020-09-03T00:00:00
db: NVD, id: CVE-2020-14935, date: 2024-11-21T05:04:28.397

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-49537, date: 2020-08-26T00:00:00
db: JVNDB, id: JVNDB-2020-009999, date: 2020-12-16T07:14:17
db: CNNVD, id: CNNVD-202008-931, date: 2020-08-18T00:00:00
db: NVD, id: CVE-2020-14935, date: 2020-08-18T17:15:11.393