CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36054 – Out-of-bounds write when decompressing 6LoWPAN payload in Contiki-NG
https://notcve.org/view.php?id=CVE-2022-36054
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer's boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. • https://github.com/contiki-ng/contiki-ng/pull/1648 https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36052 – Out-of-bounds read when decompressing UDP header
https://notcve.org/view.php?id=CVE-2022-36052
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4.8, and which may receive 6LoWPAN packets from external parties. • https://github.com/contiki-ng/contiki-ng/pull/1648 https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-vwr8-6mqv-x7f5 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36053 – Out-of-bounds read in the uIP buffer module
https://notcve.org/view.php?id=CVE-2022-36053
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. • https://github.com/contiki-ng/contiki-ng/pull/1648 https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2j9c-7754-w4cw • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35927 – Unverified DIO prefix info lengths in RPL-Classic in Contiki-NG
https://notcve.org/view.php?id=CVE-2022-35927
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length parameter. The value of the length parameter is not validated, however, and it is possible to cause a buffer overflow when copying the prefix in the set_ip_from_prefix function. This vulnerability affects anyone running a Contiki-NG version prior to 4.7 that can receive RPL DIO messages from external parties. To obtain a patched version, users should upgrade to Contiki-NG 4.7 or later. • https://github.com/contiki-ng/contiki-ng/pull/1589 https://github.com/contiki-ng/contiki-ng/pull/1589/commits/4fffab0e632c4d01910fa957d1fd9ef321eb87d2 https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9rm9-3phh-p4wm • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35926 – Out-of-bounds read in IPv6 neighbor solicitation in Contiki-NG
https://notcve.org/view.php?id=CVE-2022-35926
Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, <code>uip_buf</code>, are not checked if they go out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires ipv6 be enabled for the network. • https://github.com/contiki-ng/contiki-ng/pull/1654 https://github.com/contiki-ng/contiki-ng/pull/1654/commits/a4597001d50a04f4b9c78f323ba731e2f979802c https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.8 https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-4hpq-4f53-w386 • CWE-125: Out-of-bounds Read •