CVE-2020-14935
CVSS V2 High 7.5
CVSS V3 Critical 9.8
Description
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. When a bulk get request response is assembled, a stack buffer dedicated for OIDs (with a limited capacity) is allocated in snmp_engine_get_bulk(). When snmp_engine_get_bulk() is populating the stack buffer, an overflow condition may occur due to lack of input length validation. This makes it possible to overwrite stack regions beyond the allocated buffer, including the return address from the function. As a result, the code execution path may be redirected to an address provided in the SNMP bulk get payload. If the target architecture uses common addressing space for program and data memory, it may also be possible to supply code in the SNMP request payload, and redirect the execution path to the remotely injected code, by modifying the function's return address.
Overview
- CVE ID
- CVE-2020-14935
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2020-08-18T17:15:11
- Last Modified Date
- 2020-08-25T20:02:25
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:* | 1 | OR | 4.0 | 4.5 |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 7.5
- Severity
- HIGH
- Exploitability Score
- 10
- Impact Score
- 6.4
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 9.8
- Base Severity
- CRITICAL
- Exploitability Score
- 3.9
- Impact Score
- 5.9
References
Reference URL | Reference Tags |
---|---|
https://github.com/contiki-ng/contiki-ng/issues/1353 | Exploit Third Party Advisory |
https://drive.google.com/file/d/1qp3ZXaFRiR_imWg0lUbI7-D-hIT268EB/view?usp=sharing | Third Party Advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2020-14935 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14935 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 16:28:27 | Added to TrackCVE | |||
2022-12-04 21:15:42 | 2020-08-18T17:15Z | 2020-08-18T17:15:11 | CVE Published Date | updated |
2022-12-04 21:15:42 | 2020-08-25T20:02:25 | CVE Modified Date | updated | |
2022-12-04 21:15:42 | Analyzed | Vulnerability Status | updated |