{"id":"CVE-2020-24334","details":"The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in resolv.c.","modified":"2026-04-11T20:42:58.294544Z","published":"2020-12-11T23:15:13.807Z","references":[{"type":"ADVISORY","url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"},{"type":"ADVISORY","url":"https://www.kb.cert.org/vuls/id/815128"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/adamdunkels/uip","events":[{"introduced":"0"},{"last_affected":"a49def743f6e5c7d0c0f2d724f0b8e0c563a4a37"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:uip_project:uip:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"1.0"}]}}],"versions":["uip-0-5","uip-0-6","uip-0-9","uip-1-0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24334.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}]}