Unknown · Contiki-NG · CVE-2023-37459
**Name of the Vulnerable Software and Affected Versions**
Contiki-NG versions 4.9 and prior
**Description**
The issue arises when the Contiki-NG network stack attempts to start the periodic TCP timer for a TCP packet with the SYN flag set without verifying that a full TCP header has been received. An attacker who injects a truncated TCP packet can therefore cause an out-of-bounds read from the packet buffer. The vulnerable code is in the `check_for_tcp_syn` function, which accesses the `flags` field of the TCP buffer without first verifying that a full TCP header is present.
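The missing length check described above, shown as an added example on a simplified model: this is not Contiki-NG code and not the change from the pull request. The buffer, the function names and the assumption of an IPv6 packet without extension headers are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IPV6_HDR_LEN   40   /* fixed IPv6 header; no extension headers assumed */
#define TCP_HDR_LEN    20   /* minimum TCP header */
#define TCP_FLAGS_OFF  13   /* offset of the flags byte inside the TCP header */
#define PROTO_TCP      6
#define TCP_SYN        0x02

/* Hypothetical stand-in for a shared packet buffer: it keeps stale bytes
   from the previous packet; pkt_len is the length actually received. */
static uint8_t pkt_buf[128];
static size_t pkt_len;

static void model_receive(const uint8_t *data, size_t len) {
  memcpy(pkt_buf, data, len);
  pkt_len = len;
}

/* Unchecked pattern: reads the flags byte without looking at pkt_len. */
int is_tcp_syn_unchecked(void) {
  return pkt_buf[6] == PROTO_TCP &&
         (pkt_buf[IPV6_HDR_LEN + TCP_FLAGS_OFF] & TCP_SYN) == TCP_SYN;
}

/* Checked pattern: require a full IPv6 + TCP header before reading flags. */
int is_tcp_syn_checked(void) {
  if(pkt_len < IPV6_HDR_LEN + TCP_HDR_LEN) {
    return 0;
  }
  return pkt_buf[6] == PROTO_TCP &&
         (pkt_buf[IPV6_HDR_LEN + TCP_FLAGS_OFF] & TCP_SYN) == TCP_SYN;
}

/* Constructed sample: a full SYN segment, then a packet truncated to the
   IPv6 header only. Returns bit 0 = unchecked result, bit 1 = checked. */
int demo_truncated(void) {
  uint8_t full[IPV6_HDR_LEN + TCP_HDR_LEN] = {0};
  full[6] = PROTO_TCP;                         /* IPv6 next-header field */
  full[IPV6_HDR_LEN + TCP_FLAGS_OFF] = TCP_SYN;
  model_receive(full, sizeof(full));
  model_receive(full, IPV6_HDR_LEN);           /* truncated: no TCP header */
  return is_tcp_syn_unchecked() | (is_tcp_syn_checked() << 1);
}
```

In this model the unchecked function reports a SYN for the truncated packet because it reads a flags byte left over from the previous packet, while the checked function rejects it before touching the TCP header.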
**Recommendations**
For Contiki-NG versions 4.9 and prior, as a temporary workaround, consider applying the changes in Contiki-NG pull request #2510 to patch the system.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.