Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata() in resolv.c. Also, arbitrary DNS replies are parsed if there was any outgoing DNS query with a transaction ID that matches the transaction ID of an incoming reply. Provided that the default DNS cache is quite small (only four records) and that the transaction ID has a very limited set of values that is quite easy to guess, this can lead to DNS cache poisoning.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Contiki 输入验证错误漏洞
Vulnerability Description
Contiki是一套用于IoT(物联网)设备的开源跨平台操作系统。 Contiki 3.0 存在输入验证错误漏洞,该漏洞源于 DNS事务ID不够随机。如果DNS缓存非常小(四个条目),则可以促进DNS缓存中毒攻击。
CVSS Information
N/A
Vulnerability Type
N/A