ID

VAR-202008-0626


CVE

CVE-2020-14937


TITLE

Out-of-bounds read vulnerability in Contiki-NG

Trust: 0.8

sources: JVNDB: JVNDB-2020-010012

DESCRIPTION

Out-of-bounds memory access issues were discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. The length of the provided input/output buffers is insufficiently verified during the encoding and decoding of data. This may lead to out-of-bounds buffer read or write access in the BER decoding and encoding functions. Contiki-NG contains an out-of-bounds read vulnerability and an out-of-bounds write vulnerability. Information may be obtained, and the service may be put into a denial-of-service (DoS) state. Contiki-NG is an open source cross-platform operating system for next-generation IoT (Internet of Things) devices. Contiki-NG versions 4.4 through 4.5 have a buffer error vulnerability. The vulnerability stems from the fact that when the network system or product performs operations on memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.7

sources: NVD: CVE-2020-14937 // JVNDB: JVNDB-2020-010012 // CNVD: CNVD-2020-49535 // CNNVD: CNNVD-202008-926

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-49535

AFFECTED PRODUCTS

vendor: contiki ng
model: contiki-ng
scope: gte
version: 4.4

Trust: 1.0

vendor: contiki ng
model: contiki-ng
scope: lte
version: 4.5

Trust: 1.0

vendor: contiki ng
model: contiki-ng
scope: eq
version: 4.4 to 4.5

Trust: 0.8

vendor: contiki ng
model: contiki-ng
scope: gte
version: 4.4,<=4.5

Trust: 0.6

sources: CNVD: CNVD-2020-49535 // JVNDB: JVNDB-2020-010012 // NVD: CVE-2020-14937

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14937
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-010012
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-49535
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202008-926
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-14937
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-010012
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-49535
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-14937
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010012
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-49535 // JVNDB: JVNDB-2020-010012 // CNNVD: CNNVD-202008-926 // NVD: CVE-2020-14937

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2020-010012 // NVD: CVE-2020-14937

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-926

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202008-926

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010012

PATCH

title: Out of bounds memory access in SNMP BER decoder/encoder routines #1354
url: https://github.com/contiki-ng/contiki-ng/issues/1354

Trust: 0.8

title: Patch for Contiki-NG buffer overflow vulnerability (CNVD-2020-49535)
url: https://www.cnvd.org.cn/patchInfo/show/231817

Trust: 0.6

title: Contiki-NG Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126568

Trust: 0.6

sources: CNVD: CNVD-2020-49535 // JVNDB: JVNDB-2020-010012 // CNNVD: CNNVD-202008-926

EXTERNAL IDS

db: NVD
id: CVE-2020-14937

Trust: 3.0

db: JVNDB
id: JVNDB-2020-010012

Trust: 0.8

db: CNVD
id: CNVD-2020-49535

Trust: 0.6

db: CNNVD
id: CNNVD-202008-926

Trust: 0.6

sources: CNVD: CNVD-2020-49535 // JVNDB: JVNDB-2020-010012 // CNNVD: CNNVD-202008-926 // NVD: CVE-2020-14937

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2020-14937

Trust: 2.0

url: https://github.com/contiki-ng/contiki-ng/issues/1354

Trust: 1.6

url: https://drive.google.com/file/d/1makjbvznv5pmvwlojru0njh38zexpwui/view?usp=sharing

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14937

Trust: 0.8

sources: CNVD: CNVD-2020-49535 // JVNDB: JVNDB-2020-010012 // CNNVD: CNNVD-202008-926 // NVD: CVE-2020-14937

SOURCES

db: CNVD, id: CNVD-2020-49535
db: JVNDB, id: JVNDB-2020-010012
db: CNNVD, id: CNNVD-202008-926
db: NVD, id: CVE-2020-14937

LAST UPDATE DATE

2024-11-23T22:37:16.412000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-49535, date: 2020-08-31T00:00:00
db: JVNDB, id: JVNDB-2020-010012, date: 2020-12-16T08:41:47
db: CNNVD, id: CNNVD-202008-926, date: 2020-09-03T00:00:00
db: NVD, id: CVE-2020-14937, date: 2024-11-21T05:04:28.720

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-49535, date: 2020-08-26T00:00:00
db: JVNDB, id: JVNDB-2020-010012, date: 2020-12-16T08:41:47
db: CNNVD, id: CNNVD-202008-926, date: 2020-08-18T00:00:00
db: NVD, id: CVE-2020-14937, date: 2020-08-18T16:15:13.713