CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-1000804

contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.115

EPSS Ranking 93.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://github.com/contiki-ng/contiki-ng/issues/594
https://github.com/contiki-ng/contiki-ng/pull/624
https://github.com/contiki-ng/contiki-ng/issues/594
https://github.com/contiki-ng/contiki-ng/pull/624

Products affected by CVE-2018-1000804

Contiki-Ng » Contiki-Ng » Version: 4.0

cpe:2.3:o:contiki-ng:contiki-ng:4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000804

Products

Pricing

Contact Us