Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\0' termination. This results in errors when calculating the offset of the pointer that jumps over domain name bytes in DNS response packets when a name lacks this termination, and eventually leads to dereferencing the pointer at an invalid/arbitrary address, within newdata() and parse_name() in resolv.c.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Contiki 安全漏洞
Vulnerability Description
Contiki是一套用于IoT(物联网)设备的开源跨平台操作系统。 Contiki 3.0 存在安全漏洞,该漏洞源于解析传入的DNS数据包时,不会检查域名是否以空值结尾。这使攻击者可以通过精心制作的DNS响应来破坏内存。。
CVSS Information
N/A
Vulnerability Type
N/A