Vulnerability Details CVE-2020-24336
An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn't verify whether the address in the answer's length is sane. Therefore, when copying an address of an arbitrary length, a buffer overflow can occur. This bug can be exploited whenever NAT64 is enabled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-24336
-
cpe:2.3:o:contiki-ng:contiki-ng:-
-
cpe:2.3:o:contiki-ng:contiki-ng:2.0
-
cpe:2.3:o:contiki-ng:contiki-ng:2.1
-
cpe:2.3:o:contiki-ng:contiki-ng:2.2
-
cpe:2.3:o:contiki-ng:contiki-ng:2.2.1
-
cpe:2.3:o:contiki-ng:contiki-ng:2.2.2
-
cpe:2.3:o:contiki-ng:contiki-ng:2.2.3
-
cpe:2.3:o:contiki-ng:contiki-ng:2.3
-
cpe:2.3:o:contiki-ng:contiki-ng:2.4
-
cpe:2.3:o:contiki-ng:contiki-ng:2.5
-
cpe:2.3:o:contiki-ng:contiki-ng:2.6
-
cpe:2.3:o:contiki-ng:contiki-ng:2.7
-
cpe:2.3:o:contiki-ng:contiki-ng:3.0
-
cpe:2.3:o:contiki-ng:contiki-ng:4.0
-
cpe:2.3:o:contiki-ng:contiki-ng:4.1
-
cpe:2.3:o:contiki-ng:contiki-ng:4.2
-
cpe:2.3:o:contiki-ng:contiki-ng:4.3
-
cpe:2.3:o:contiki-ng:contiki-ng:4.4
-
cpe:2.3:o:contiki-ng:contiki-ng:4.5
-
cpe:2.3:o:contiki-os:contiki:-
-
cpe:2.3:o:contiki-os:contiki:2.0
-
cpe:2.3:o:contiki-os:contiki:2.1
-
cpe:2.3:o:contiki-os:contiki:2.2
-
cpe:2.3:o:contiki-os:contiki:2.2.1
-
cpe:2.3:o:contiki-os:contiki:2.2.2
-
cpe:2.3:o:contiki-os:contiki:2.2.3
-
cpe:2.3:o:contiki-os:contiki:2.3
-
cpe:2.3:o:contiki-os:contiki:2.4
-
cpe:2.3:o:contiki-os:contiki:2.5
-
cpe:2.3:o:contiki-os:contiki:2.6
-
cpe:2.3:o:contiki-os:contiki:2.7
-
cpe:2.3:o:contiki-os:contiki:3.0