CVE-2024-41125

CVSS 3.1 Score 8.3 of 10 (high)

Details

Published Nov 27, 2024
CWE ID 125

Summary

CVE-2024-41125 is a vulnerability in Contiki-NG, an open-source operating system for IoT devices. It is an out-of-bounds read of one byte during packet processing in the SNMP module. The SNMP module is disabled by default, so the out-of-bounds read is only reachable in builds that enable it. The root cause is a missing boundary check when decoding string lengths in the snmp-ber.c module. Contiki-NG has patched the vulnerability in pull request #2936, and the fix will be included in the next release. Users are advised to apply the patch manually or wait for the next release to mitigate the risk. As a workaround, disable the SNMP module in the Contiki-NG build configuration.
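
The class of check the summary describes, as an added example: this is not Contiki-NG's code or the patch from pull request #2936. It is a minimal BER OCTET STRING decoder that verifies the remaining packet length before every byte it reads, including the bytes of the length field. All type and function names and the sample packets are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical cursor over a received packet (not Contiki-NG's own type). */
struct ber_in { const uint8_t *buf; size_t left; };

/* Read one byte, refusing to step past the end of the packet. */
static int ber_get_byte(struct ber_in *in, uint8_t *out) {
  if (in->left == 0) return 0;
  *out = *in->buf++;
  in->left--;
  return 1;
}

/* Decode a BER length: short form, or long form of 1 to 4 length bytes. */
static int ber_get_length(struct ber_in *in, uint32_t *len) {
  uint8_t b, n;
  if (!ber_get_byte(in, &b)) return 0;       /* packet ends after the tag */
  if ((b & 0x80) == 0) { *len = b; return 1; }
  n = b & 0x7f;
  if (n == 0 || n > 4) return 0;             /* indefinite or oversized */
  for (*len = 0; n > 0; n--) {
    if (!ber_get_byte(in, &b)) return 0;     /* truncated length field */
    *len = (*len << 8) | b;
  }
  return 1;
}

/* Decode an OCTET STRING (tag 0x04). Returns 1 on success, 0 on bad input. */
int ber_decode_string(struct ber_in *in, const uint8_t **str, uint32_t *len) {
  uint8_t tag;
  if (!ber_get_byte(in, &tag) || tag != 0x04) return 0;
  if (!ber_get_length(in, len)) return 0;
  if (*len > in->left) return 0;             /* payload longer than packet */
  *str = in->buf;
  in->buf += *len;
  in->left -= *len;
  return 1;
}

/* Constructed sample inputs: one well-formed string, one cut off mid-length. */
static const uint8_t ok_pkt[] = { 0x04, 0x03, 'a', 'b', 'c' };
static const uint8_t cut_pkt[] = { 0x04, 0x82, 0x01 };
int main(void) {
  struct ber_in a = { ok_pkt, sizeof ok_pkt }, b = { cut_pkt, sizeof cut_pkt };
  const uint8_t *s; uint32_t n;
  printf("ok=%d cut=%d\n", ber_decode_string(&a, &s, &n), ber_decode_string(&b, &s, &n));
  return 0;
}
```

The truncated packet announces two length bytes but carries only one; without the per-byte check in `ber_get_byte`, the decoder would read one byte past the end of the buffer.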
