contiki-ng — Vulnerabilities & Security Advisories (29)

Browse all 29 CVE security advisories affecting contiki-ng. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Contiki-NG is an open-source operating system designed for resource-constrained Internet of Things (IoT) devices, specifically targeting low-power wireless sensor networks and mesh networking applications. Its architecture prioritizes energy efficiency and protocol support for standards like 6LoWPAN and CoAP. Historically, the codebase has exhibited vulnerabilities typical of embedded C systems, including buffer overflows, integer overflows, and improper input validation, which can lead to remote code execution or denial of service. The twenty-nine recorded CVEs often stem from legacy code structures and the limited memory safety mechanisms inherent in its design. Notable incidents involve exploitation of network stack components, allowing attackers to disrupt connectivity or gain unauthorized access to device resources. The project’s security posture relies heavily on community-driven patches and rigorous code review, though the complexity of maintaining secure firmware for diverse hardware configurations remains a persistent challenge for developers integrating this OS into production environments.

Top products by contiki-ng: contiki-ng
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-29001 | Uncontrolled recursion due to insufficient validation of the IPv6 source routing header in Contiki-NG | contiki-ng | CWE-674 | 7.5 (AI) | High (AI) | 2024-11-27 |
| CVE-2024-41125 | Out-of-bounds read in SNMP when decoding a string in Contiki-NG | contiki-ng | CWE-125 | 8.4 | High | 2024-11-27 |
| CVE-2024-41126 | Out-of-bounds read when decoding SNMP messages in Contiki-NG | contiki-ng | CWE-125 | 8.4 | High | 2024-11-27 |
| CVE-2024-47181 | Unaligned memory access in RPL option processing in Contiki-NG | contiki-ng | CWE-704 | 7.5 | High | 2024-11-27 |
| CVE-2023-50926 | Unvalidated DIO prefix info length in RPL-Lite in Contiki-NG | contiki-ng | CWE-125 | 7.5 | High | 2024-02-14 |
| CVE-2023-50927 | Insufficient boundary checks for DIO and DAO messages in RPL-Lite in Contiki-NG | contiki-ng | CWE-125 | 8.6 | High | 2024-02-14 |
| CVE-2023-48229 | Out-of-bounds write in the radio driver for Contiki-NG nRF platforms | contiki-ng | CWE-787 | 7.0 | High | 2024-02-14 |
| CVE-2023-37459 | Out-of-bounds read when processing a received IPv6 packet | contiki-ng | CWE-125 | 5.3 | Medium | 2023-09-15 |
| CVE-2023-37281 | Out-of-bounds read during IPHC address decompression | contiki-ng | CWE-125 | 5.3 | Medium | 2023-09-15 |
| CVE-2023-34101 | Contiki-NG vulnerable to out-of-bounds read when processing ICMP DAO input | contiki-ng | CWE-125 | 7.3 | High | 2023-06-14 |
| CVE-2023-34100 | Out-of-Bounds Read in contiki-ng | contiki-ng | CWE-125 | 7.3 | High | 2023-06-09 |
| CVE-2023-31129 | Contiki-NG missing NULL pointer check in IPv6 neighbor discovery | contiki-ng | CWE-476 | 7.5 | High | 2023-05-08 |
| CVE-2023-30546 | Contiki-NG has off-by-one error in Antelope DBMS | contiki-ng | CWE-125 | 9.8 | Critical | 2023-04-26 |
| CVE-2023-28116 | Buffer overflow in L2CAP due to misconfigured MTU | contiki-ng | CWE-120 | 8.1 | High | 2023-03-17 |
| CVE-2023-23609 | contiki-ng BLE-L2CAP contains Improper size validation of L2CAP frames | contiki-ng | CWE-787 | 8.2 | High | 2023-01-25 |
| CVE-2022-41972 | Contiki-NG contains NULL Pointer Dereference in BLE L2CAP module | contiki-ng | CWE-476 | 2.9 | Low | 2022-12-16 |
| CVE-2022-41873 | Out-of-bounds read and write in BLE L2CAP module | contiki-ng | CWE-125 | 4.2 | Medium | 2022-11-11 |
| CVE-2022-36054 | Out-of-bounds write when decompressing 6LoWPAN payload in Contiki-NG | contiki-ng | CWE-787 | 6.8 | Medium | 2022-09-01 |
| CVE-2022-36052 | Out-of-bounds read when decompressing UDP header | contiki-ng | CWE-125 | 5.9 | Medium | 2022-09-01 |
| CVE-2022-36053 | Out-of-bounds read in the uIP buffer module | contiki-ng | CWE-125 | 5.9 | Medium | 2022-09-01 |
| CVE-2022-35927 | Unverified DIO prefix info lengths in RPL-Classic in Contiki-NG | contiki-ng | CWE-120 | 8.1 | High | 2022-08-04 |
| CVE-2022-35926 | Out-of-bounds read in IPv6 neighbor solicitation in Contiki-NG | contiki-ng | CWE-125 | 5.9 | Medium | 2022-08-04 |
| CVE-2021-32771 | Buffer overflow in contiki-ng | contiki-ng | CWE-120 | 8.1 | High | 2022-08-04 |
| CVE-2021-21410 | Out-of-bounds read in the 6LoWPAN implementation | contiki-ng | CWE-125 | 8.2 | High | 2021-06-18 |
| CVE-2021-21257 | Out-of-bounds write in RPL-Classic and RPL-Lite | contiki-ng | CWE-787 | 8.2 | High | 2021-06-18 |
| CVE-2021-21279 | Infinite loop in IPv6 neighbor solicitation processing | contiki-ng | CWE-835 | 7.5 | High | 2021-06-18 |
| CVE-2021-21280 | Out-of-bounds write when processing 6LoWPAN extension headers | contiki-ng | CWE-787 | 8.6 | High | 2021-06-18 |
| CVE-2021-21281 | Buffer overflow due to unvalidated TCP data offset | contiki-ng | CWE-120 | 7.0 | High | 2021-06-18 |
| CVE-2021-21282 | Buffer overflow in RPL source routing header processing | contiki-ng | CWE-120 | 8.6 | High | 2021-06-18 |

This page lists every published CVE security advisory associated with contiki-ng. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.