CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-24334

The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in resolv.c.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.8%

CVSS Severity

CVSS v3 Score 8.2

CVSS v2 Score 6.4

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
https://www.kb.cert.org/vuls/id/815128
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
https://www.kb.cert.org/vuls/id/815128

Products affected by CVE-2020-24334

Uip Project » Uip » Version: 0.5

cpe:2.3:a:uip_project:uip:0.5
Uip Project » Uip » Version: 0.6

cpe:2.3:a:uip_project:uip:0.6
Uip Project » Uip » Version: 0.9

cpe:2.3:a:uip_project:uip:0.9
Uip Project » Uip » Version: 1.0

cpe:2.3:a:uip_project:uip:1.0
Contiki-Ng » Contiki-Ng » Version: N/A

cpe:2.3:o:contiki-ng:contiki-ng:-
Contiki-Os » Contiki » Version: N/A

cpe:2.3:o:contiki-os:contiki:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-24334

Products

Pricing

Contact Us