CVE-2020-24336

Name of the Vulnerable Software and Affected Versions Contiki versions through 3.0 Contiki-NG versions through 4.5

Description An issue was discovered in the code for parsing Type A domain name answers in ip64-dns64.c, which doesn't verify whether the address in the answer's length is sane. This can lead to a buffer overflow when copying an address of an arbitrary length. The bug can be exploited whenever NAT64 is enabled.

Recommendations For Contiki versions through 3.0, update to a version that fixes the issue with address length verification in ip64-dns64.c. For Contiki-NG versions through 4.5, update to a version that fixes the issue with address length verification in ip64-dns64.c. As a temporary workaround, consider disabling NAT64 until a patch is available.