CVE-2020-12140

contiki-ng/contiki-ng

on github

Published

December 7, 2021

Severity

CVSS v3:

8.8 HIGH

CVSS v2:

8.3 HIGH

Description

A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames.

References

https://twitter.com/ScepticCtf
https://github.com/contiki-ng/contiki-ng/pull/1662

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:o:contiki-ng:contiki-ng::::::::	n/a	4.4 (including)	*

External Links

NVD - CVE-2020-12140