First published: Mon Oct 08 2018(Updated: )
contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Contiki-ng Contiki-ng | =4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2018-1000804.
The severity of CVE-2018-1000804 is critical, with a severity value of 9.8.
The affected software for CVE-2018-1000804 is Contiki-ng version 4.
CVE-2018-1000804 affects Contiki-ng by allowing an attacker to perform remote code execution on a device using Contiki-NG operating system.
Yes, a fix is available for CVE-2018-1000804. Please refer to the provided references for more information on applying the fix.