CVE-2024-41125
CVSS 3.1 Score 8.3 of 10 (high)
Details
Summary
CVE-2024-41125 is a vulnerability affecting Contiki-NG, an open-source operating system for IoT devices. The issue is an out-of-bounds read of one byte during packet processing in the SNMP module. The SNMP module is disabled by default; builds that enable it are exposed to the out-of-bounds read. The root cause is a lack of a boundary check when decoding string lengths in the snmp-ber.c module. Contiki-NG has released a patch for this vulnerability in pull request #2936, which will be included in the next release. Users are advised to apply the patch manually or wait for the next release to mitigate the risk. A workaround is to disable the SNMP module in the Contiki-NG build configuration.
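To illustrate the class of check the summary describes, here is an added example of a BER string decoder in which every read of a type, length or value byte is bounded by the packet size. It is not Contiki-NG's snmp-ber.c code or the patch from pull request #2936; the struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Illustrative decoder; names are hypothetical, not Contiki-NG's API. */
#define BER_TYPE_OCTET_STRING 0x04

/* Cursor over a received packet: every read goes through the bounds check. */
struct ber_in {
  const uint8_t *buf;
  size_t len;   /* total bytes in buf */
  size_t pos;   /* next unread byte */
};

/* Read one byte, failing instead of stepping past the end of the buffer. */
static int ber_get_byte(struct ber_in *in, uint8_t *out)
{
  if(in->pos >= in->len) {
    return 0;
  }
  *out = in->buf[in->pos++];
  return 1;
}

/* Decode a BER length: short form, or long form with 1 or 2 length octets. */
static int ber_get_length(struct ber_in *in, size_t *length)
{
  uint8_t b, n;
  if(!ber_get_byte(in, &b)) return 0;   /* packet ends before the length */
  if((b & 0x80) == 0) { *length = b; return 1; }
  n = b & 0x7f;
  if(n == 0 || n > 2) return 0;         /* indefinite or oversized: reject */
  *length = 0;
  while(n--) {
    if(!ber_get_byte(in, &b)) return 0; /* truncated long-form length */
    *length = (*length << 8) | b;
  }
  return 1;
}

/* Decode an OCTET STRING; *str points into the packet, nothing is copied. */
int ber_decode_string(struct ber_in *in, const uint8_t **str, size_t *str_len)
{
  uint8_t type;
  if(!ber_get_byte(in, &type) || type != BER_TYPE_OCTET_STRING) return 0;
  if(!ber_get_length(in, str_len)) return 0;
  if(*str_len > in->len - in->pos) return 0; /* value must fit in the packet */
  *str = in->buf + in->pos;
  in->pos += *str_len;
  return 1;
}
```

A packet that ends right after the type byte, or in the middle of a long-form length, is rejected instead of causing a read one byte past the buffer.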
Affected Products
- Contiki-NG
Affected Vendors
- Adam Dunkels