PT-2017-17641 · Contiki · Contiki Operating System

Alex Pop +3

Published 2017-05-28 · Updated 2017-06-06 · CVE-2017-7295

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Contiki Operating System version 3.0

Description
A use-after-free issue exists in httpd-simple.c, the HTTP server of the cc26xx-web-demo example application. The per-connection HTTP state structure is not handled properly on a connection close event: it is released but still referenced afterwards, so the output processing function runs against stale state and dereferences a NULL pointer. The board crashes, and because the server is reachable over the network without authentication (AV:N/Au:N in the vector above) a remote client can trigger this repeatedly to cause a denial of service. There is no confidentiality or integrity impact.

Recommendations
For Contiki Operating System version 3.0, as a temporary workaround, do not build or deploy the cc26xx-web-demo HTTP server (httpd-simple.c) until a patch is available. If it must stay enabled, restrict network access to it (for example, to trusted hosts only) to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
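The following is an added, self-contained model of the bug class described above; it is not Contiki's code and does not reproduce the real httpd-simple.c. The names (httpd_state, conn, appcall_*, pool_*) and the event sequence are assumptions for the example. Per-connection state lives in a fixed-size pool, as with Contiki's MEMB allocator; the vulnerable event handler frees the slot on close but leaves the connection's state pointer dangling, and because this pool zeroes freed slots (an assumption chosen so the stale state shows the NULL-pointer symptom from the description), a later output event reaches a NULL function pointer through it. The fixed handler clears the pointer on close and checks liveness before using the state.

```c
/*
 * Added example: a model of the CVE-2017-7295 bug class, not Contiki code.
 * The pool, state layout, event names and return codes are assumptions.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 2

typedef int (*output_fn)(char *buf, size_t len);

struct httpd_state {            /* hypothetical per-connection HTTP state */
  int in_use;
  output_fn generate;           /* fills output_buf with the next response chunk */
  char output_buf[32];
};

struct conn {                   /* hypothetical transport connection */
  struct httpd_state *appstate; /* points into the pool while the state is live */
};

static struct httpd_state pool[POOL_SIZE];

static struct httpd_state *pool_alloc(void)
{
  for(size_t i = 0; i < POOL_SIZE; i++) {
    if(!pool[i].in_use) {
      memset(&pool[i], 0, sizeof pool[i]);
      pool[i].in_use = 1;
      return &pool[i];
    }
  }
  return NULL;
}

static void pool_free(struct httpd_state *s)
{
  memset(s, 0, sizeof *s);      /* assumption: freed slots are zeroed (generate -> NULL) */
}

static int hello_page(char *buf, size_t len)
{
  return snprintf(buf, len, "<h1>hello</h1>");
}

enum { EV_CONNECTED, EV_OUTPUT, EV_CLOSED };
enum { RC_OK = 0, RC_IGNORED = 1, RC_NULL_DEREF = -1 }; /* reported instead of crashing */

/* Vulnerable: the slot is freed on close, but conn->appstate keeps pointing at it. */
static int appcall_vuln(struct conn *c, int ev)
{
  struct httpd_state *s = c->appstate;
  switch(ev) {
  case EV_CONNECTED:
    if((s = c->appstate = pool_alloc()) == NULL) return RC_IGNORED;
    s->generate = hello_page;
    return RC_OK;
  case EV_CLOSED:
    pool_free(s);               /* c->appstate now dangles into a zeroed slot */
    return RC_OK;
  case EV_OUTPUT:
    /* no liveness check: after a close, s->generate is NULL */
    if(s->generate == NULL) return RC_NULL_DEREF; /* real code would jump to NULL here */
    s->generate(s->output_buf, sizeof s->output_buf);
    return RC_OK;
  }
  return RC_IGNORED;
}

/* Fixed: drop the pointer together with the slot and refuse events on a closed connection. */
static int appcall_fixed(struct conn *c, int ev)
{
  struct httpd_state *s = c->appstate;
  switch(ev) {
  case EV_CONNECTED:
    if((s = c->appstate = pool_alloc()) == NULL) return RC_IGNORED;
    s->generate = hello_page;
    return RC_OK;
  case EV_CLOSED:
    if(s != NULL) {
      pool_free(s);
      c->appstate = NULL;       /* no dangling reference survives the close */
    }
    return RC_OK;
  case EV_OUTPUT:
    if(s == NULL || !s->in_use) return RC_IGNORED; /* already closed: nothing to send */
    s->generate(s->output_buf, sizeof s->output_buf);
    return RC_OK;
  }
  return RC_IGNORED;
}

/* Connect, send once, close, then deliver one more output event (the trigger). */
static int run_sequence(int (*appcall)(struct conn *, int))
{
  static const int events[] = { EV_CONNECTED, EV_OUTPUT, EV_CLOSED, EV_OUTPUT };
  struct conn c = { NULL };
  int rc = RC_IGNORED;
  memset(pool, 0, sizeof pool);
  for(size_t i = 0; i < sizeof events / sizeof events[0]; i++) {
    rc = appcall(&c, events[i]);
  }
  return rc;                    /* outcome of the post-close output event */
}

int main(void)
{
  printf("vulnerable handler: %d (RC_NULL_DEREF = -1)\n", run_sequence(appcall_vuln));
  printf("fixed handler:      %d (RC_IGNORED = 1)\n", run_sequence(appcall_fixed));
  return 0;
}
```

On a bare-metal board a call through a NULL function pointer is a hard fault followed by a reset, which is the denial of service the advisory describes; the return codes above only stand in for that so the two handlers can be compared in one process. Note that clearing the pointer and checking in_use is the minimum: a freed slot can be handed to the next connection, so a stale pointer that survived elsewhere would alias the new connection's state. A generation counter in the slot, compared on every event, closes that gap as well.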

Weakness Enumeration

Use After Free (CWE-416)


Related Identifiers

CVE-2017-7295

Affected Products

Contiki Operating System