Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (<code>uncompress_hdr_iphc</code>) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than what is available from the packet buffer. As of time of publication, there is not a release with a patch available. Users can apply the patch for this vulnerability out-of-band as a workaround.
References
Link | Resource |
---|---|
https://github.com/contiki-ng/contiki-ng/pull/1482 | Patch Third Party Advisory |
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-hhwj-2p59-v8p9 | Patch Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-06-18 21:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-21410
Mitre link : CVE-2021-21410
CVE.ORG link : CVE-2021-21410
JSON object : View
Products Affected
contiki-ng
- contiki-ng
CWE
CWE-125
Out-of-bounds Read