CVE-2022-35927

Unverified DIO prefix info lengths in RPL-Classic in Contiki-NG

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length parameter. The value of the length parameter is not validated, however, and it is possible to cause a buffer overflow when copying the prefix in the set_ip_from_prefix function. This vulnerability affects anyone running a Contiki-NG version prior to 4.7 that can receive RPL DIO messages from external parties. To obtain a patched version, users should upgrade to Contiki-NG 4.7 or later. There are no workarounds for this issue.

Contiki-NG es un sistema operativo de código abierto y multiplataforma para dispositivos IoT. En la implementación del protocolo de enrutamiento RPL-Classic en el sistema operativo Contiki-NG, un mensaje de control DODAG Information Option (DIO) entrante puede contener una opción de información de prefijo con un parámetro de longitud. Sin embargo, el valor del parámetro de longitud no es comprobado, y es posible causar un desbordamiento del búfer cuando es copiado el prefijo en el set_ip_from_prefix function. Esta vulnerabilidad afecta a cualquiera ejecutando una versión de Contiki-NG anterior a 4.7 que pueda recibir mensajes RPL DIO de partes externas. Para obtener una versión parcheada, los usuarios deben actualizar a Contiki-NG versiones 4.7 o posteriores. No se presentan mitigaciones para este problema

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-15 CVE Reserved
2022-08-04 CVE Published
2024-03-25 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (3)

URL	Tag	Source
https://github.com/contiki-ng/contiki-ng/pull/1589	Third Party Advisory
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9rm9-3phh-p4wm	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/contiki-ng/contiki-ng/pull/1589/commits/4fffab0e632c4d01910fa957d1fd9ef321eb87d2	2022-08-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Contiki-ng Search vendor "Contiki-ng"		Contiki-ng Search vendor "Contiki-ng" for product "Contiki-ng"				< 4.7 Search vendor "Contiki-ng" for product "Contiki-ng" and version " < 4.7"		-		Affected