CVE-2019-9183

Name of the Vulnerable Software and Affected Versions Contiki-NG versions 4.3 and earlier Contiki versions 3.0 and earlier

Description A buffer overflow issue is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the application. An attacker can cause a denial-of-service via a crafted 6LoWPAN frame.

Recommendations For Contiki-NG versions 4.3 and earlier, update to a version later than 4.3 to resolve the issue. For Contiki versions 3.0 and earlier, update to a version later than 3.0 to resolve the issue. As a temporary workaround, consider restricting the processing of 6LoWPAN fragments to minimize the risk of exploitation.