CVE-2021-21410

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (<code>uncompress_hdr_iphc</code>) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than what is available from the packet buffer. As of time of publication, there is not a release with a patch available. Users can apply the patch for this vulnerability out-of-band as a workaround.
Configurations

Configuration 1 (hide)

cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-06-18 21:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-21410

Mitre link : CVE-2021-21410

CVE.ORG link : CVE-2021-21410


JSON object : View

Products Affected

contiki-ng

  • contiki-ng
CWE
CWE-125

Out-of-bounds Read