{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41125", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-07-15T15:53:28.323Z", "datePublished": "2024-11-27T18:20:45.613Z", "dateUpdated": "2024-11-27T19:22:42.056Z"}, "containers": {"cna": {"title": "Out-of-bounds read in SNMP when decoding a string in Contiki-NG", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qjj3-gqx7-438w", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qjj3-gqx7-438w"}, {"name": "https://github.com/contiki-ng/contiki-ng/pull/2936", "tags": ["x_refsource_MISC"], "url": "https://github.com/contiki-ng/contiki-ng/pull/2936"}], "affected": [{"vendor": "contiki-ng", "product": "contiki-ng", "versions": [{"version": "<= 4.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-27T18:20:45.613Z"}, "descriptions": [{"lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-ber.c module, where the function snmp_ber_decode_string_len_buffer decodes the string length from a received SNMP packet. In one place, one byte is read from the buffer, without checking that the buffer has another byte available, leading to a possible out-of-bounds read. The problem has been patched in Contiki-NG pull request #2936. It will be included in the next release of Contiki-NG. Users are advised to apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration."}], "source": {"advisory": "GHSA-qjj3-gqx7-438w", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41125", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-27T19:21:37.150794Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:contiki-ng:contiki-ng:-:*:*:*:*:*:*:*"], "vendor": "contiki-ng", "product": "contiki-ng", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.9"}], "defaultStatus": "unknown"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T19:22:42.056Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41125", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-27T19:21:37.150794Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:contiki-ng:contiki-ng:-:*:*:*:*:*:*:*"], "vendor": "contiki-ng", "product": "contiki-ng", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.9"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T19:21:51.700Z"}}], "cna": {"title": "Out-of-bounds read in SNMP when decoding a string in Contiki-NG", "source": {"advisory": "GHSA-qjj3-gqx7-438w", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "contiki-ng", "product": "contiki-ng", "versions": [{"status": "affected", "version": "<= 4.9"}]}], "references": [{"url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qjj3-gqx7-438w", "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qjj3-gqx7-438w", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/contiki-ng/contiki-ng/pull/2936", "name": "https://github.com/contiki-ng/contiki-ng/pull/2936", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-ber.c module, where the function snmp_ber_decode_string_len_buffer decodes the string length from a received SNMP packet. In one place, one byte is read from the buffer, without checking that the buffer has another byte available, leading to a possible out-of-bounds read. The problem has been patched in Contiki-NG pull request #2936. It will be included in the next release of Contiki-NG. Users are advised to apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-27T18:20:45.613Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41125", "state": "PUBLISHED", "dateUpdated": "2024-11-27T19:22:42.056Z", "dateReserved": "2024-07-15T15:53:28.323Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-11-27T18:20:45.613Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*", "matchCriteriaId": "5ECE789E-8C10-42CB-BD98-A301AC471904", "versionEndIncluding": "4.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-ber.c module, where the function snmp_ber_decode_string_len_buffer decodes the string length from a received SNMP packet. In one place, one byte is read from the buffer, without checking that the buffer has another byte available, leading to a possible out-of-bounds read. The problem has been patched in Contiki-NG pull request #2936. It will be included in the next release of Contiki-NG. Users are advised to apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration."}, {"lang": "es", "value": "Contiki-NG es un sistema operativo multiplataforma de c\u00f3digo abierto para dispositivos IoT. Se puede activar una lectura fuera de los l\u00edmites de 1 byte al enviar un paquete a un dispositivo que ejecuta el sistema operativo Contiki-NG con SNMP habilitado. El m\u00f3dulo SNMP est\u00e1 deshabilitado en la configuraci\u00f3n predeterminada de Contiki-NG. La vulnerabilidad existe en el m\u00f3dulo os/net/app-layer/snmp/snmp-ber.c, donde la funci\u00f3n snmp_ber_decode_string_len_buffer decodifica la longitud de la cadena de un paquete SNMP recibido. En un lugar, se lee un byte del b\u00fafer, sin verificar que el b\u00fafer tenga otro byte disponible, lo que lleva a una posible lectura fuera de los l\u00edmites. El problema se ha corregido en la solicitud de extracci\u00f3n de Contiki-NG n.\u00b0 2936. Se incluir\u00e1 en la pr\u00f3xima versi\u00f3n de Contiki-NG. Se recomienda a los usuarios que apliquen el parche manualmente o que esperen a la pr\u00f3xima versi\u00f3n. Un workaround es deshabilitar el m\u00f3dulo SNMP en la configuraci\u00f3n de compilaci\u00f3n de Contiki-NG."}], "id": "CVE-2024-41125", "lastModified": "2025-04-10T14:55:43.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-11-27T19:15:32.883", "references": [{"source": "[email protected]", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/contiki-ng/contiki-ng/pull/2936"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qjj3-gqx7-438w"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "[email protected]", "type": "Secondary"}]}

{}