Sign-up

ID

VAR-201812-1159


CVE

CVE-2018-20579


TITLE

Contiki-NG Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-013398 // CNNVD: CNNVD-201812-1245

DESCRIPTION

Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character. Contiki-NG Contains a buffer error vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Contiki-NG is an open source cross-platform operating system for next-generation IoT devices. Attackers can use this vulnerability to cause a denial of service (application crash)

Trust: 2.7

sources: NVD: CVE-2018-20579 // JVNDB: JVNDB-2018-013398 // CNVD: CNVD-2019-09777 // CNNVD: CNNVD-201812-1245

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-09777

AFFECTED PRODUCTS

vendor:contiki ngmodel:contiki-ngscope:eqversion:4.2

Trust: 1.6

vendor:contiki ngmodel:contiki-ngscope:ltversion:4.2

Trust: 1.4

sources: CNVD: CNVD-2019-09777 // JVNDB: JVNDB-2018-013398 // CNNVD: CNNVD-201812-1245 // NVD: CVE-2018-20579

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20579
value: HIGH

Trust: 1.0

NVD: CVE-2018-20579
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-09777
value: LOW

Trust: 0.6

CNNVD: CNNVD-201812-1245
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-20579
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-09777
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-20579
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-09777 // JVNDB: JVNDB-2018-013398 // CNNVD: CNNVD-201812-1245 // NVD: CVE-2018-20579

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2018-013398 // NVD: CVE-2018-20579

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201812-1245

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201812-1245

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013398

PATCH
title:Stack based buffer overflow while parsing JSON file #601url:https://github.com/contiki-ng/contiki-ng/issues/601
Trust: 0.8
title:Patch for Contiki-NG Buffer Overflow Vulnerability (CNVD-2019-09777)url:https://www.cnvd.org.cn/patchInfo/show/158543
Trust: 0.6
title:Contiki-NG Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88226
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-09777 // 
            
            
            
            JVNDB: JVNDB-2018-013398 // 
            
            
            
            CNNVD: CNNVD-201812-1245

EXTERNAL IDS
db:NVDid:CVE-2018-20579
Trust: 3.0
db:JVNDBid:JVNDB-2018-013398
Trust: 0.8
db:CNVDid:CNVD-2019-09777
Trust: 0.6
db:CNNVDid:CNNVD-201812-1245
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-09777 // 
            
            
            
            JVNDB: JVNDB-2018-013398 // 
            
            
            
            CNNVD: CNNVD-201812-1245 // 
            
            
            
            NVD: CVE-2018-20579

REFERENCES
url:https://github.com/contiki-ng/contiki-ng/issues/601
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-20579
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20579
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-09777 // 
            
            
            
            JVNDB: JVNDB-2018-013398 // 
            
            
            
            CNNVD: CNNVD-201812-1245 // 
            
            
            
            NVD: CVE-2018-20579

SOURCES
db:CNVDid:CNVD-2019-09777
db:JVNDBid:JVNDB-2018-013398
db:CNNVDid:CNNVD-201812-1245
db:NVDid:CVE-2018-20579

LAST UPDATE DATE
2024-11-23T23:11:56.671000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-09777date:2019-04-12T00:00:00
db:JVNDBid:JVNDB-2018-013398date:2019-02-20T00:00:00
db:CNNVDid:CNNVD-201812-1245date:2020-08-25T00:00:00
db:NVDid:CVE-2018-20579date:2024-11-21T04:01:46.560

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-09777date:2019-04-12T00:00:00
db:JVNDBid:JVNDB-2018-013398date:2019-02-20T00:00:00
db:CNNVDid:CNNVD-201812-1245date:2018-12-29T00:00:00
db:NVDid:CVE-2018-20579date:2018-12-28T18:29:00.317