CVE-2021-21410

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (<code>uncompress_hdr_iphc</code>) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than what is available from the packet buffer. As of time of publication, there is not a release with a patch available. Users can apply the patch for this vulnerability out-of-band as a workaround.
Configurations

Configuration 1 (hide)

cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:48

Type Values Removed Values Added
References () https://github.com/contiki-ng/contiki-ng/pull/1482 - Patch, Third Party Advisory () https://github.com/contiki-ng/contiki-ng/pull/1482 - Patch, Third Party Advisory
References () https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-hhwj-2p59-v8p9 - Patch, Third Party Advisory () https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-hhwj-2p59-v8p9 - Patch, Third Party Advisory
CVSS v2 : 6.4
v3 : 9.1
v2 : 6.4
v3 : 8.2

Information

Published : 2021-06-18 21:15

Updated : 2024-11-21 05:48


NVD link : CVE-2021-21410

Mitre link : CVE-2021-21410

CVE.ORG link : CVE-2021-21410


JSON object : View

Products Affected

contiki-ng

  • contiki-ng
CWE
CWE-125

Out-of-bounds Read