CVE-2020-25112

Name of the Vulnerable Software and Affected Versions Contiki versions through 3.0

Description An issue in the IPv6 stack of Contiki leads to inconsistent checks for IPv6 header extension lengths. This results in Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.

Recommendations For Contiki versions through 3.0, consider disabling the handling of ICMPv6 echo packets as a temporary workaround until a patch is available. Restrict access to the IPv6 stack to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.