VARIoT IoT vulnerabilities database

A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known. SIMATIC WinCC OA Contains an access control vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. The client-server HMI (Human Machine Interface) system SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptation, large or complex applications, and projects that impose specific system requirements or functionality. A privilege elevation vulnerability exists in SIMATIC WinCC OAV 3.14 and earlier, allowing unauthenticated remote users to upgrade their rights in the context of SIMATIC WinCC OAV 3.14. Siemens SIMATIC WinCC OA is prone to an access-bypass vulnerability. An attacker can exploit this issue to gain elevated privileges. Siemens SIMATIC WinCC OA (Open Architecture) is a SCADA system of Siemens (Siemens) in Germany, and it is also an integral part of the HMI series. The system is mainly applicable to industries such as rail transit, building automation and public power supply

A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permission of the user running TD Designer. The attacker must have write access to the directory containing the TD project file in order to exploit the vulnerability. A legitimate user with higher privileges than the attacker must open the TD project in order for this vulnerability to be exploited. At the time of advisory publication no public exploitation of this security vulnerability was known. SIEMENS TD Keypad Designer Contains an uncontrolled search path element vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state

SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source. SAP NetWeaver BI Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAP NetWeaver Business Intelligence is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. NetWeaver Business Intelligence 7.30, 7.31. 7.40, 7.41, and 7.50 are vulnerable

A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access. Multiple Intel Products are prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to potentially modify or disclose sensitive information. This may lead to further attacks. Intel CSME is a converged security management engine. Intel Trusted Execution Engine is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit)

A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. 389 Directory Server Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. RedHat389DirectoryServer (formerly known as FedoraDirectoryServer) is an enterprise-class Linux directory server from RedHat. The server fully supports the LDAPv3 specification and features scalable, multi-master replication. A security vulnerability exists in RedHat389DirectoryServer. An attacker could exploit the vulnerability to cause a denial of service (crash). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: 389-ds-base security and bug fix update Advisory ID: RHSA-2018:2757-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2757 Issue date: 2018-09-25 CVE Names: CVE-2018-10850 CVE-2018-10935 CVE-2018-14624 CVE-2018-14638 ==================================================================== 1. Summary: An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Security Fix(es): * 389-ds-base: race condition on reference counter leads to DoS using persistent search (CVE-2018-10850) * 389-ds-base: ldapsearch with server side sort allows users to cause a crash (CVE-2018-10935) * 389-ds-base: Server crash through modify command with large DN (CVE-2018-14624) * 389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly (CVE-2018-14638) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-10850 issue was discovered by Thierry Bordaz (Red Hat) and the CVE-2018-14638 issue was discovered by Viktor Ashirov (Red Hat). Bug Fix(es): * Previously, the nucn-stans framework was enabled by default in Directory Server, but the framework is not stable. As a consequence, deadlocks and file descriptor leaks could occur. This update changes the default value of the nsslapd-enable-nunc-stans parameter to "off". (BZ#1614836) * When a search evaluates the "shadowAccount" entry, Directory Server adds the shadow attributes to the entry. If the fine-grained password policy is enabled, the "shadowAccount" entry can contain its own "pwdpolicysubentry" policy attribute. Previously, to retrieve this attribute, the server started an internal search for each "shadowAccount" entry, which was unnecessary because the entry was already known to the server. As a result, the performance of searches, such as response time and throughput, is improved. (BZ#1615924) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the 389 server service will be restarted automatically. 5. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm ppc64le: 389-ds-base-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.ppc64le.rpm x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm aarch64: 389-ds-base-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.aarch64.rpm ppc64le: 389-ds-base-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm ppc64: 389-ds-base-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64.rpm ppc64le: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64le.rpm s390x: 389-ds-base-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.s390x.rpm x86_64: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm aarch64: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.aarch64.rpm ppc64le: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64le.rpm s390x: 389-ds-base-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-10850 https://access.redhat.com/security/cve/CVE-2018-10935 https://access.redhat.com/security/cve/CVE-2018-14624 https://access.redhat.com/security/cve/CVE-2018-14638 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW6qI2dzjgjWX9erEAQgW5g//Xn0tMzXPX9ttN9u/n6vEr3kEio7meGc8 g70R7mtWsJj5z3VfnvFD5mRmQQinsMJXI0/IUfBU+X/oZb7rGI33ALYh0lg1rerc 2jxXBAwJKpSwkstFvJiUs2XOznh3VaYkwg/UxqEtkh4xSnO1WfbFJpHhoPIf6d8Y Cu7ymH+3VGLTR3N11HJzbrmKdmyt3p/s8UGuKO0Lh6rtnSdtM7eq5mfOYgRAp/Wm PZgVCLexexfVNzqzIjkt/KzpNrobFJUryZbXrafVpq14nUAWFRWDN4TCzUdDd0GA um46apVZHH2mAZuq+FIvokFBIIxW2DEvxj/c2UiZqDv2o7TOocssOJXw4CUIsitD QZBLnlmH/jq/L4HHwnT/4eshz2kX6yEYVNP7Nhv4bamEC7eu0y8anItyErZ7+w2L aY/3kL3uWssWnU9ESyIXvex34HmcHK0FzeBKV5ZUEwBXfdjBAGf5k8l0MyoyiS7D FK+OxXsLaORs66GaPA1MHAyAscIVTElu0GQRInDQKCgRf3uvzKT3UammoPF6Djk4 DxxIVjFV7ZExade0XdjlpkI4kUItvxXRnvAX7nT34D+jBny3WuWuVCLHUcrvYaZl hf1pBHkwR/kuK/BHh99QM/JrfvJixe0Nwosdi+ra1TO2eB2/TPtJUdeoiMcoF7qA emssayK3UGk=rOwt -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK. Microsoft Windows is a series of operating systems released by Microsoft Corporation of the United States. Microsoft Azure Active Directory Connect is a service provided by Microsoft Corporation of the United States that provides identity and access management in the cloud. An attacker could exploit this vulnerability to forge a server by performing a man-in-the-middle attack

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "correlationId" value in order to exploit this vulnerability. Samsung SmartThings Hub Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SamsungSmartThingsHub is a smart home management device from South Korea's Samsung. video-coreHTTPserver is one of the HTTP servers. field

FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext. FURUNO FELCOM 250 and 500 The device contains a certificate / password management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. FURUNO FELCOM 250 and 500 are shipborne communication equipment of Japan Furuno Electric Company. There is a security hole in the FURUNO FELCOM 250 and 500

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy overflows the destination buffer, which has a size of 2,000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability. Samsung SmartThings Hub STH-ETH-250-Firmware Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SamsungSmartThingsHubSTH-ETH-250 is a smart home management device from South Korea's Samsung. video-coreHTTPserver is one of the HTTP servers

Huangshi Kewei Automatic Control Co., Ltd. is an enterprise that develops, produces, and sells a series of industrial control products such as embedded PLC, intelligent servo, and man-machine interface. There is a memory corruption vulnerability in the IOCS screen configuration software of the Kewei text integrated machine. The vulnerability is due to the failure of the IOCS1.33.exe file to verify the integrity of the project file. An attacker could use the vulnerability to cause memory corruption when reading the project file

The EL-100 series serial device networking server allows serial devices to be networked immediately and accessed directly through software. Guangzhou Chaoran Computer Co., Ltd. EL-100 series industrial control equipment has unauthorized access and weak password vulnerabilities. Attackers can use the vulnerability to bypass the login window and obtain sensitive information

IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691. IBM Datacap Fastdoc Capture Contains an authentication vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 148691 It is released as.Information may be tampered with. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks

A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two challenge/response operations, to clone a key fob within a few seconds. Pektron Passive Keyless Entry and Start (PKES) There are cryptographic vulnerabilities in the system.Information may be tampered with. The Tesla Model S is an electric car produced by Tesla. The PKES system used in the Tesla Model S and other devices has a security flaw that stems from the fact that the PKES system relies on the DST40 cipher. An attacker could exploit this vulnerability to clone car keys in seconds

FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi. FURUNO FELCOM 250 and 500 The device contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FURUNO FELCOM 250 and 500 are shipborne communication equipment of Japan Furuno Electric Company. The /cgi-bin/sm_changepassword.cgi file and the /cgi-bin/sm_sms_changepasswd.cgi file in FURUNO FELCOM 250 and 500 have an access control error vulnerability

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic. Dell EMC VPlex GeoSynchrony Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell EMC VPlex is a new generation of data storage platform for information movement and access within the data center, across data centers and between data centers of Dell; GeoSynchrony is a set of VPLEX operating system. A remote attacker could exploit this vulnerability to gain access to data on the target system and modify the data. Link to remedies: Please contact your local field representative to assist with the planning for the VPLEX upgrade which requires a Change Control Authorization (CCA). -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAluSaocACgkQgSlofD2Y i6c7rxAAo2FBxnrffBEhFs+yysuesMxd8f1Qep+C3GDtH759hcFSmiRCg3CDDWNs 2yniNrQLwNBtM/9qh0NX4x63HxOVVOsC0a2g+oPMHQjN6W+1Ql0eBFkFoFwCQpIZ +67znLrXaF4BMZJEF7nr9EZRkb/bUaR+mj7T1ih3dWKp+4jzNwqN/Cd+UL1QsqmE C2Now1sQjzkH0RlTq4dp4Y4WpiuYpO1cF7yAlqNmxHhkQZjx9BKWZ+1gBVpAr1Ge EeLkzcwtpayzM4XryZCvZjt2qA+GTxW/mRYOen62pKcWHjsNyALwqVWNshx2l27r run8/tUVuD998Bzc6P6QyUkokY73cBgvGa7Ca5SAmlxTHra9kenaF/IOQfp1tzQK mPW1esNalXP+HRRWIAFCC10F+H492OKsA4vUmJmks0oHQnLOTuzzQXCZWNh9zrLG T3jW4d58NKV9oml/+9a7czOMsTHvNzd+powS6C7KZLo4ltwuynP1Akgtwj1Calvj HRRRAhJEsG2w1AcfEB0SCr/JDP39S49nWgNWlhESjoPPyuWac9mH71EHQiIgPM+u GBk14E3RCbxP136zxOgYibDI8Z3w+yWkTs2x4dYCsVB1igocSdzwZJxUrsUAv/B8 nMKoYU+zx/jsC3WEopu4hO361t/w368VAmPLZP6x29wFqUS9K2o= =+3mo -----END PGP SIGNATURE-----

An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union). Contiki-NG Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Attackers can use this vulnerability to cause a denial of service. Contiki-NG is an open source cross-platform operating system for the next generation of IoT devices. The 'lookup' in the os / storage / antelope / lvm.c file in Contiki-NG 4.1 and earlier has a security vulnerability. An attacker could use this vulnerability to execute code (buffer read out of bounds)

An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string). Contiki-NG Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Contiki-NG is an open source cross-platform operating system for next-generation IoT devices. Attackers can use this vulnerability to execute code

An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c. Contiki-NG Contains a buffer error vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Contiki-NG is an open source cross-platform operating system for the next generation of IoT devices. A buffer overflow vulnerability exists in the 'lvm_shift_for_operator' function in the os / storage / antelope / lvm.c file in Contiki-NG 4.1 and earlier versions. An attacker could use this vulnerability to cause the AQL engine to crash or manipulate data in other buffers

An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand). Contiki-NG Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Contiki-NG is an open source cross-platform operating system for the next generation of IoT devices. A buffer overflow vulnerability exists in the 'lvm_set_type' function of the os / storage / antelope / lvm.c file in Contiki-NG 4.1 and earlier versions. An attacker could use this vulnerability to execute code