CVE-2022-36053

Out-of-bounds read in the uIP buffer module

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8.

Contiki-NG es un sistema operativo de código abierto y multiplataforma para dispositivos IoT de Próxima Generación. La pila de red IPv6 de bajo consumo de Contiki-NG presenta un módulo de búfer (os/net/ipv6/uipbuf.c) que procesa los encabezados de extensión IPv6 en los paquetes de datos entrantes. Como parte de este procesamiento, la función uipbuf_get_next_header lanza un puntero a una estructura uip_ext_hdr en el búfer del paquete en los diferentes desplazamientos en los que es esperado encontrar las cabeceras de extensión, y luego lee de esta estructura. Debido a una falta de comprobación de límites, el casting puede hacerse de manera que la estructura sea extendida más allá del final del paquete. Por lo tanto, con un paquete cuidadosamente diseñado, es posible causar que el sistema Contiki-NG lea datos fuera del buffer del paquete. En Contiki-NG versión 4.8 es incluido un parche que corrige la vulnerabilidad

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-15 CVE Reserved
2022-09-01 CVE Published
2024-03-24 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (2)

URL	Tag	Source
https://github.com/contiki-ng/contiki-ng/pull/1648	Broken Link
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2j9c-7754-w4cw	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Contiki-ng Search vendor "Contiki-ng"		Contiki-ng Search vendor "Contiki-ng" for product "Contiki-ng"				< 4.8 Search vendor "Contiki-ng" for product "Contiki-ng" and version " < 4.8"		-		Affected