CVE-2022-35926

Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, <code>uip_buf</code>, are not checked if they go out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires ipv6 be enabled for the network. The problem has been patched in the develop branch of Contiki-NG. The upcoming 4.8 release of Contiki-NG will include the patch.Users unable to upgrade may apply the patch in Contiki-NG PR #1654.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/contiki-ng/contiki-ng/pull/1654	Patch Third Party Advisory
https://github.com/contiki-ng/contiki-ng/pull/1654/commits/a4597001d50a04f4b9c78f323ba731e2f979802c	Patch Third Party Advisory
https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.8	Third Party Advisory
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-4hpq-4f53-w386	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-08-04 21:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-35926

Mitre link : CVE-2022-35926

CVE.ORG link : CVE-2022-35926

JSON object : View

Products Affected

contiki-ng

contiki-ng

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2022-35926", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2022-08-04T21:15:08.013", "references": [{"url": "https://github.com/contiki-ng/contiki-ng/pull/1654", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/contiki-ng/contiki-ng/pull/1654/commits/a4597001d50a04f4b9c78f323ba731e2f979802c", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.8", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-4hpq-4f53-w386", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, <code>uip_buf</code>, are not checked if they go out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires ipv6 be enabled for the network. The problem has been patched in the develop branch of Contiki-NG. The upcoming 4.8 release of Contiki-NG will include the patch.Users unable to upgrade may apply the patch in Contiki-NG PR #1654."}, {"lang": "es", "value": "Contiki-NG es un sistema operativo de c\u00f3digo abierto y multiplataforma para dispositivos IoT. Debido a que no son comprobados suficientemente las opciones de detecci\u00f3n de vecinos IPv6 en Contiki-NG, los atacantes pueden enviar paquetes de solicitud de vecinos que desencadenan una lectura fuera de l\u00edmites. El problema se presenta en el m\u00f3dulo os/net/ipv6/uip-nd6.c, donde son realizadas operaciones de lectura en memoria del buffer principal de paquetes, (code)uip_buf(/code), no son comprobadas si salen de l\u00edmites. En particular, este problema puede ocurrir cuando es intentado leer el encabezado de opci\u00f3n de 2 bytes y la opci\u00f3n de direcci\u00f3n de capa de enlace de origen (SLLAO). Este ataque requiere que ipv6 est\u00e9 habilitado para la red. El problema ha sido parcheado en la rama de desarrollo de Contiki-NG. La pr\u00f3xima versi\u00f3n 4.8 de Contiki-NG incluir\u00e1 el parche. Los usuarios que no puedan actualizar pueden aplicar el parche en Contiki-NG PR #1654"}], "lastModified": "2022-08-11T14:14:18.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8753C87C-46B4-467B-9598-30E562D5CB38", "versionEndExcluding": "4.8"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}