CVE-2020-14934
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. If the number of variables in the request exceeds the allocated buffer, a memory write out of the buffer boundaries occurs. This write operation provides a possibility to overwrite other variables allocated in the .bss section by the application. Because the sender of the frame is in control of the content that will be written beyond the buffer limits, and there is no strict process memory separation, this issue may allow overwriting of sensitive memory areas of an IoT device.
-
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
18/08/2020
Operating Systems 1
Contiki-Ng
by Contiki-Ng
2 months ago
Vulnerability Categories 1
Out-of-bounds Write
Advisory Links 2
Related CVEs
Security Research Topics
February Trending CVEs: CVE-2021-3156
As stewards of the lush and vast landscape of security vulnerabilities, we felt obliged to share with you the top trending CVEs of the past month (who's excited for winter to be over?! 😁☀️🌷). Brace yourself! Ok, here we go.
February Trending CVEs: CVE-2020-1472
As stewards of the lush and vast landscape of security vulnerabilities, we felt obliged to share with you the top trending CVEs of the past month (who's excited for winter to be over?! 😁☀️🌷). Brace yourself! Ok, here we go.
February Trending CVEs: CVE-2021-24078
As stewards of the lush and vast landscape of security vulnerabilities, we felt obliged to share with you the top trending CVEs of the past month (who's excited for winter to be over?! 😁☀️🌷). Brace yourself! Ok, here we go.
Top Trending CVEs of January 2021
Well, we made it through the first month of 2021! (Hopefully without any scratches or bruises 😅). As stewards of the lush and vast landscape of security vulnerabilities, we felt obliged to share with you the top trending CVEs of the past month. So, without further ado, The Top Trending CVEs of January 2021:
Security Vulnerability Examples
As the threat landscape changes, the ability to address the most common types of security vulnerabilities is vital for robust protection. As information becomes the most essential asset for an organization, cybersecurity gains much more importance. To successfully conduct your business and preserve the hard-earned reputation of your company, you need to protect your data from malicious attacks, data breaches and hackers.
Zoom Security Vulnerabilities
As if times haven’t been hard enough, businesses are dealing with new security threats while employees work from home and some have major issues with one of the most popular video conferencing platforms, Zoom.
What is a Vulnerability?
This article will offer a quick guide to vulnerabilities – what they are, how they can be exploited and the consequences of exploitation. A vulnerability is a weakness in an asset that can be exploited by cyber attackers. It’s a known issue that allows an attack to succeed.
Top 10 Software Vulnerabilities
Security testing is an assessment of the sensitivity of a software vulnerability to various attacks. What type of attacks? Mainly unauthorized breaches into the system with the aim of extracting data about users or getting confidential information. With the help of vulnerabilities present in the software code, attackers can achieve their objectives.
Zero-Day Vulnerability: Defense Strategies
A zero-day is a weakness in hardware, software or firmware that is not known to the parties responsible for patching or fixing the flaw. The term zero refers to an attack that has zero days between the time the vulnerability is discovered and the first attack. Once a zero-day vulnerability is known to the public, it’s known as a one-day or n-day vulnerability.
Start Closing Security Gaps
- Risk reduction from Day 1
- Fast set-up and deployment
- Unified platform
- Full-featured 30-day trial