Vulnerability Details CVE-2020-24335
An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/adamdunkels/uip
- https://github.com/contiki-ng/contiki-ng
- https://github.com/contiki-os/contiki
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
- https://www.kb.cert.org/vuls/id/815128
- https://github.com/adamdunkels/uip
- https://github.com/contiki-ng/contiki-ng
- https://github.com/contiki-os/contiki
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
- https://www.kb.cert.org/vuls/id/815128
Products affected by CVE-2020-24335
-
cpe:2.3:a:uip_project:uip:0.5
-
cpe:2.3:a:uip_project:uip:0.6
-
cpe:2.3:a:uip_project:uip:0.9
-
cpe:2.3:a:uip_project:uip:1.0
-
cpe:2.3:o:contiki-ng:contiki-ng:-
-
cpe:2.3:o:contiki-os:contiki:-