An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24335
Reference (s):
- https://github.com/adamdunkels/uip
- https://github.com/contiki-ng/contiki-ng
- https://github.com/contiki-os/contiki
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
- https://www.kb.cert.org/vuls/id/815128