Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (<code>uncompress_hdr_iphc</code>) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than what is available from the packet buffer. As of time of publication, there is not a release with a patch available. Users can apply the patch for this vulnerability out-of-band as a workaround.
References
Link | Resource |
---|---|
https://github.com/contiki-ng/contiki-ng/pull/1482 | Patch Third Party Advisory |
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-hhwj-2p59-v8p9 | Patch Third Party Advisory |
https://github.com/contiki-ng/contiki-ng/pull/1482 | Patch Third Party Advisory |
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-hhwj-2p59-v8p9 | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 05:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/contiki-ng/contiki-ng/pull/1482 - Patch, Third Party Advisory | |
References | () https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-hhwj-2p59-v8p9 - Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.4
v3 : 8.2 |
Information
Published : 2021-06-18 21:15
Updated : 2024-11-21 05:48
NVD link : CVE-2021-21410
Mitre link : CVE-2021-21410
CVE.ORG link : CVE-2021-21410
JSON object : View
Products Affected
contiki-ng
- contiki-ng
CWE
CWE-125
Out-of-bounds Read