CVE-2018-19417
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-19417
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19417.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-19417
- Related
- Published
- 2018-11-21T20:29:00Z
- Modified
- 2025-01-14T07:26:44.462404Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parsepublishvhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTTMAXTOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible.
- References
Affected packages
Git / github.com/contiki-ng/contiki-ng
Affected ranges
- Type
- GIT
- Repo
- https://github.com/contiki-ng/contiki-ng
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.0
2.1
2.2
2.2.1
2.2.2
2.2.3
2.3
2.4
2.5-release
2.6
2.6-rc0
3.*
3.x
develop/v3.*
develop/v3.x-fork
develop/v4.*
develop/v4.0
develop/v4.1
develop/v4.2
Other
fork
old/v2.*
old/v2.0
old/v2.1
old/v2.2
old/v2.2.1
old/v2.2.2
old/v2.2.3
old/v2.3
old/v2.4
old/v2.6
release/v4.*
release/v4.0
release/v4.1