contiki ng contiki ng

55 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-47181
<= 4.9
Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the
7.5 HIGH
CVE-2024-41126
<= 4.9
Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered wh
8.3 HIGH
CVE-2024-41125
<= 4.9
Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered wh
8.3 HIGH
CVE-2023-29001
<= 4.9
Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source ro
7.5 HIGH
CVE-2023-50927
< 4.9
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-boun
8.6 HIGH
CVE-2023-50926
<= 4.9
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused
7.5 HIGH
CVE-2023-48229
<= 4.9
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in th
7.0 HIGH
CVE-2021-42147
all versions
Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remo
9.1 CRITICAL
CVE-2021-42146
all versions
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the sam
7.5 HIGH
CVE-2021-42145
<= 2018-08-30
An assertion failure discovered in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows atta
7.5 HIGH
CVE-2021-42144
<= 2018-08-30
Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to obtain sensitive information
9.8 CRITICAL
CVE-2021-42143
<= 2018-08-30
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a
9.1 CRITICAL
CVE-2021-42142
<= 2018-08-30
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoc
9.8 CRITICAL
CVE-2021-42141
<= 2018-08-30
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch num
9.8 CRITICAL
CVE-2020-27634
all versions
In Contiki 4.5, TCP ISNs are improperly random.
9.1 CRITICAL
CVE-2023-37459
<= 4.9
Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contik
5.3 MEDIUM
CVE-2023-37281
<= 4.9
Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 head
5.3 MEDIUM
CVE-2023-34101
<= 4.8
Contiki-NG is an operating system for internet of things devices. In version 4.8 and prior, when processing ICMP DAO packets in th
7.3 HIGH
CVE-2023-34100
<= 4.8
Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incom
7.3 HIGH
CVE-2023-31129
<= 4.8
The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code
7.5 HIGH
CVE-2023-30546
<= 4.8
Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database ma
9.8 CRITICAL
CVE-2023-28116
<= 4.8
Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an
8.1 HIGH
CVE-2023-23609
<= 4.8
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8
8.2 HIGH
CVE-2022-41972
<= 4.8
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NUL
2.9 LOW
CVE-2022-41873
< 4.9
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerabl
4.2 MEDIUM
CVE-2022-36054
< 4.8
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the C
6.8 MEDIUM
CVE-2022-36053
< 4.8
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of
5.9 MEDIUM
CVE-2022-36052
< 4.8
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Conti
5.9 MEDIUM
CVE-2022-35927
< 4.7
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation
8.1 HIGH
CVE-2022-35926
< 4.8
Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor
5.9 MEDIUM
CVE-2021-32771
< 4.8
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buff
8.1 HIGH
CVE-2020-12140
<= 4.4
A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbit
8.8 HIGH
CVE-2020-12141
<= 4.4
An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentia
9.1 CRITICAL
CVE-2021-21410
<= 4.6
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be trigge
8.2 HIGH
CVE-2021-21281
< 4.6
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exis
7.0 HIGH
CVE-2021-21280
< 4.6
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bo
8.6 HIGH
CVE-2021-21279
< 4.6
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.6, an attacker
7.5 HIGH
CVE-2021-21257
< 4.6
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite impleme
8.2 HIGH
CVE-2021-21282
< 4.5
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer ove
8.6 HIGH
CVE-2020-24336
<= 4.5
An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64
9.8 CRITICAL
CVE-2020-13988
<= 3.0
An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS
7.5 HIGH
CVE-2020-14936
>= 4.4 and <= 4.5
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lac
9.8 CRITICAL
CVE-2020-14935
>= 4.0 and <= 4.5
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The funct
9.8 CRITICAL
CVE-2020-14934
>= 4.4 and <= 4.5
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request
9.8 CRITICAL
CVE-2020-14937
>= 4.4 and <= 4.5
Memory access out of buffer boundaries issues were discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. The l
9.1 CRITICAL
CVE-2019-9183
<= 4.3
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflo
7.5 HIGH
CVE-2019-8359
<= 4.3
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section d
9.8 CRITICAL
CVE-2018-20579
all versions
Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-boun
7.1 HIGH
CVE-2018-19417
< 4.2
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH me
10.0 CRITICAL
CVE-2018-1000804
all versions
contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in
9.8 CRITICAL
CVE-2018-16667
<= 4.1
An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsin
7.0 HIGH
CVE-2018-16666
<= 4.1
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aq
7.8 HIGH
CVE-2018-16665
<= 4.1
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/st
6.1 MEDIUM
CVE-2018-16664
<= 4.1
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while p
7.0 HIGH
CVE-2018-16663
<= 4.1
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelop
7.8 HIGH
threatengine.sh