cnvd - cnvd-2021-16432

cnvd-2021-16432

Vulnerability from cnvd

Title: Contiki缓冲区溢出漏洞

Description:

Contiki是一款用于内存受限系统的开源、高度可移植、网络化的多任务操作系统。

Contiki存在缓冲区溢出漏洞，该漏洞源于不对紧急数据指针的值进行完整性检查，允许攻击者通过在TCP数据包内提供任意紧急数据指针偏移来破坏内存。

Severity: 低

Patch Name: Contiki缓冲区溢出漏洞的补丁

Patch Description:

Contiki是一款用于内存受限系统的开源、高度可移植、网络化的多任务操作系统。

Contiki存在缓冲区溢出漏洞，该漏洞源于不对紧急数据指针的值进行完整性检查，允许攻击者通过在TCP数据包内提供任意紧急数据指针偏移来破坏内存。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-17437

Impacted products

Name
Contiki Contiki 3.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-17437",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-17437"
    }
  },
  "description": "Contiki\u662f\u4e00\u6b3e\u7528\u4e8e\u5185\u5b58\u53d7\u9650\u7cfb\u7edf\u7684\u5f00\u6e90\u3001\u9ad8\u5ea6\u53ef\u79fb\u690d\u3001\u7f51\u7edc\u5316\u7684\u591a\u4efb\u52a1\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nContiki\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4e0d\u5bf9\u7d27\u6025\u6570\u636e\u6307\u9488\u7684\u503c\u8fdb\u884c\u5b8c\u6574\u6027\u68c0\u67e5\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u5728TCP\u6570\u636e\u5305\u5185\u63d0\u4f9b\u4efb\u610f\u7d27\u6025\u6570\u636e\u6307\u9488\u504f\u79fb\u6765\u7834\u574f\u5185\u5b58\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://us-cert.cisa.gov/ics/advisories/icsa-20-343-01",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-16432",
  "openTime": "2021-03-11",
  "patchDescription": "Contiki\u662f\u4e00\u6b3e\u7528\u4e8e\u5185\u5b58\u53d7\u9650\u7cfb\u7edf\u7684\u5f00\u6e90\u3001\u9ad8\u5ea6\u53ef\u79fb\u690d\u3001\u7f51\u7edc\u5316\u7684\u591a\u4efb\u52a1\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nContiki\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4e0d\u5bf9\u7d27\u6025\u6570\u636e\u6307\u9488\u7684\u503c\u8fdb\u884c\u5b8c\u6574\u6027\u68c0\u67e5\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u5728TCP\u6570\u636e\u5305\u5185\u63d0\u4f9b\u4efb\u610f\u7d27\u6025\u6570\u636e\u6307\u9488\u504f\u79fb\u6765\u7834\u574f\u5185\u5b58\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Contiki\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Contiki Contiki 3.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-17437",
  "serverity": "\u4f4e",
  "submitTime": "2020-12-18",
  "title": "Contiki\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2020-17437 (GCVE-0-2020-17437)

Vulnerability from cvelistv5

Published

2020-12-11 22:24

Modified

2024-08-04 13:53

Severity ?

CWE

Summary

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.

References

▼	URL	Tags
	https://www.kb.cert.org/vuls/id/815128	x_refsource_MISC
	https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:53:17.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/815128"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-09T14:06:21",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.kb.cert.org/vuls/id/815128"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-17437",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.kb.cert.org/vuls/id/815128",
              "refsource": "MISC",
              "url": "https://www.kb.cert.org/vuls/id/815128"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-17437",
    "datePublished": "2020-12-11T22:24:38",
    "dateReserved": "2020-08-07T00:00:00",
    "dateUpdated": "2024-08-04T13:53:17.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted