CVE-2024-41126
CVSS 3.1 Score 8.3 of 10 (high)
Details
Summary
CVE-2024-41126 is a vulnerability affecting the Contiki-NG operating system for IoT devices. The issue involves an out-of-bounds read of one byte in the SNMP module when decoding an object identifier (OID). This error occurs due to a failure to check the message buffer boundary during the reading process. The SNMP module is disabled by default in Contiki-NG, but devices with this feature enabled are susceptible. A patch for this vulnerability is available in Contiki-NG pull request 2937, which will be included in the next release. Users can also manually apply the patch or disable the SNMP module as a workaround.
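A simplified BER OID decoder that checks the remaining buffer before every read, the kind of boundary check the summary says was missing. This is an added illustration, not Contiki-NG's code or the patch from pull request 2937; the function name `oid_decode` and its parameters are hypothetical, and where exactly the one-byte over-read arises in the real module is not stated on this page.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper, not Contiki-NG's API: decode a BER OBJECT IDENTIFIER
 * from buf[0..len). Returns the number of sub-identifiers written to out,
 * or -1 if the input is malformed or would need a read past buf+len.
 * Simplified: short-form length only, single-byte first sub-identifier. */
int oid_decode(const uint8_t *buf, size_t len, uint32_t *out, size_t out_max)
{
  size_t pos = 0, n = 0, end;

  if(len < 2 || buf[pos++] != 0x06) {   /* need tag and length bytes */
    return -1;
  }
  if(buf[pos] & 0x80) {                 /* long-form length: rejected here */
    return -1;
  }
  end = pos + 1 + buf[pos];             /* index one past the OID content */
  pos++;
  /* The declared length must fit inside the received message. */
  if(end > len || end == pos || out_max < 2) {
    return -1;
  }
  /* First content byte packs the first two arcs as 40*X + Y. */
  out[n++] = buf[pos] / 40;
  out[n++] = buf[pos] % 40;
  pos++;
  while(pos < end) {
    uint32_t sub = 0;
    uint8_t b;
    do {
      /* Check before every read: a final byte with the continuation bit
       * set must not pull in the byte that follows the OID. Also reject
       * sub-identifiers that would overflow 32 bits. */
      if(pos >= end || (sub >> 25) != 0) {
        return -1;
      }
      b = buf[pos++];
      sub = (sub << 7) | (b & 0x7f);
    } while(b & 0x80);
    if(n >= out_max) {
      return -1;
    }
    out[n++] = sub;
  }
  return (int)n;
}
```
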
Affected Products
- Contiki-NG
Affected Vendors
- Adam Dunkels