{
  "schema_version": "1.4.0",
  "id": "GHSA-jrf8-p6cc-fr4f",
  "modified": "2022-05-24T17:26:06Z",
  "published": "2022-05-24T17:26:06Z",
  "aliases": [
    "CVE-2020-14936"
  ],
  "details": "Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid() may overwrite memory areas beyond the provided target buffer, when called from snmp_message_decode() upon an SNMP request reception. Because the content of the write operations is externally provided in the SNMP requests, it enables a remote overwrite of an IoT device's memory regions beyond the allocated buffer. This overflow may allow remote overwrite of stack and statically allocated variables memory regions by sending a crafted SNMP request.",
  "severity": [],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14936"
    },
    {
      "type": "WEB",
      "url": "https://github.com/contiki-ng/contiki-ng/issues/1351"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1FypWH_g475jSL0mDFzquaATCeRIHQ2kj/view?usp=sharing"
    }
  ],
  "database_specific": {
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-18T17:15:00Z"
  }
}