CVE-2021-21280

Published: Jun 18, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written header is not checked to be within the available space, thereby making it possible to write outside the buffer. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.

Affected (1)

Products: Contiki Ng: Contiki Ng

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Contiki Ng Contiki Ng	Before 4.6

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://github.com/contiki-ng/contiki-ng/pull/1409

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-r768-hrhf-v592

Source: security-advisories@github.com

ExploitPatchThird Party Advisory

https://github.com/contiki-ng/contiki-ng/pull/1409

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-r768-hrhf-v592

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.