CVE-2018-1000804

contiki-ng/contiki-ng

on github

Published

October 8, 2018

Severity

CVSS v3:

9.8 CRITICAL

CVSS v2:

10 HIGH

Description

contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack).

References

https://github.com/contiki-ng/contiki-ng/pull/624
https://github.com/contiki-ng/contiki-ng/issues/594

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:o:contiki-ng:contiki-ng:4.0:::::::*	n/a	n/a	4.0

External Links

NVD - CVE-2018-1000804