CVE-2022-35926

Out-of-bounds read in IPv6 neighbor solicitation in Contiki-NG

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, <code>uip_buf</code>, are not checked if they go out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires ipv6 be enabled for the network. The problem has been patched in the develop branch of Contiki-NG. The upcoming 4.8 release of Contiki-NG will include the patch.Users unable to upgrade may apply the patch in Contiki-NG PR #1654.

Contiki-NG es un sistema operativo de código abierto y multiplataforma para dispositivos IoT. Debido a que no son comprobados suficientemente las opciones de detección de vecinos IPv6 en Contiki-NG, los atacantes pueden enviar paquetes de solicitud de vecinos que desencadenan una lectura fuera de límites. El problema se presenta en el módulo os/net/ipv6/uip-nd6.c, donde son realizadas operaciones de lectura en memoria del buffer principal de paquetes, (code)uip_buf(/code), no son comprobadas si salen de límites. En particular, este problema puede ocurrir cuando es intentado leer el encabezado de opción de 2 bytes y la opción de dirección de capa de enlace de origen (SLLAO). Este ataque requiere que ipv6 esté habilitado para la red. El problema ha sido parcheado en la rama de desarrollo de Contiki-NG. La próxima versión 4.8 de Contiki-NG incluirá el parche. Los usuarios que no puedan actualizar pueden aplicar el parche en Contiki-NG PR #1654

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-15 CVE Reserved
2022-08-04 CVE Published
2024-03-25 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (4)

URL	Tag	Source
https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.8	Third Party Advisory
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-4hpq-4f53-w386	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/contiki-ng/contiki-ng/pull/1654	2022-08-11
https://github.com/contiki-ng/contiki-ng/pull/1654/commits/a4597001d50a04f4b9c78f323ba731e2f979802c	2022-08-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Contiki-ng Search vendor "Contiki-ng"		Contiki-ng Search vendor "Contiki-ng" for product "Contiki-ng"				< 4.8 Search vendor "Contiki-ng" for product "Contiki-ng" and version " < 4.8"		-		Affected