Denial of Service (DoS) Affecting contiki-ng/contiki-ng package, versions [,4.0)


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.1% (42nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-CONTIKINGCONTIKING-6137924
  • published22 Dec 2023
  • disclosed11 Dec 2020
  • creditUnknown

Introduced: 11 Dec 2020

CVE-2020-13984  (opens in a new tab)
CWE-835  (opens in a new tab)

How to fix?

Upgrade contiki-ng/contiki-ng to version 4.0 or higher.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS). An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.

CVSS Scores

version 3.1