CVE-2020-14936

{"id": "CVE-2020-14936", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-08-18T17:15:11.440", "references": [{"url": "https://drive.google.com/file/d/1FypWH_g475jSL0mDFzquaATCeRIHQ2kj/view?usp=sharing", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/contiki-ng/contiki-ng/issues/1351", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid() may overwrite memory areas beyond the provided target buffer, when called from snmp_message_decode() upon an SNMP request reception. Because the content of the write operations is externally provided in the SNMP requests, it enables a remote overwrite of an IoT device's memory regions beyond the allocated buffer. This overflow may allow remote overwrite of stack and statically allocated variables memory regions by sending a crafted SNMP request."}, {"lang": "es", "value": "Se detectaron desbordamientos del b\u00fafer en Contiki-NG versiones 4.4 hasta 4.5, en el agente SNMP. Las funciones que analizan los OID en las peticiones SNMP carecen de suficiente verificaci\u00f3n de la capacidad del b\u00fafer de destino asignada al escribir valores de OID analizados. La funci\u00f3n snmp_oid_decode_oid() puede sobrescribir \u00e1reas de memoria m\u00e1s all\u00e1 del b\u00fafer de destino provisto, cuando se llama desde la funci\u00f3n snmp_message_decode() al recibir una petici\u00f3n SNMP. Dado que el contenido de las operaciones de escritura es proporcionado externamente en las peticiones SNMP, permite una sobrescritura remota de las regiones de memoria de un dispositivo IoT m\u00e1s all\u00e1 del b\u00fafer asignado. Este desbordamiento puede permitir la sobrescritura remota de la pila y las regiones de memoria variables asignadas est\u00e1ticamente mediante el env\u00edo de una petici\u00f3n SNMP dise\u00f1ada."}], "lastModified": "2020-08-25T19:43:58.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "031BDB59-5EDC-4D78-8E74-9432B766A874", "versionEndIncluding": "4.5", "versionStartIncluding": "4.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}