PT-2021-14366 · Unknown · Contiki-Ng

Joakim Eriksson · Published 2021-06-18 · Updated 2021-06-24 · CVE-2021-21257

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions: Contiki-NG versions prior to 4.6
Description: The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system do not validate the address pointer in the RPL source routing header. This allows an attacker to cause out-of-bounds writes with packets injected into the network stack. The issue lies in the rpl_ext_header_srh_update function, where the addr_ptr variable is calculated using an unvalidated CMPR field value from the source routing header. An out-of-bounds write can be triggered due to a memcpy call with addr_ptr as the destination.
Recommendations: For Contiki-NG versions prior to 4.6, update to version 4.6 to resolve the issue. As a temporary workaround, users can apply a patch out-of-band. Consider restricting access to the rpl_ext_header_srh_update function in the rpl-ext-header.c modules for RPL-Classic and RPL-Lite until the issue is resolved.
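
The class of check the description says was missing, as an added example (not Contiki-NG's code and not the upstream patch): every field that feeds the address-slot offset is validated before anything is written. The helper name srh_next_slot and the sample header are hypothetical; the field layout assumed is the RFC 6554 source routing header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SRH_FIXED_LEN 8u /* routing header (4) + CmprI/CmprE/Pad/Reserved (4) */

/* Constructed sample: Hdr Ext Len 4 (40 bytes total), type 3, Segments Left 2,
 * CmprI = CmprE = 0, Pad = 0, two zeroed 16-byte addresses. */
static uint8_t sample_srh[40] = { 0, 4, 3, 2, 0x00, 0x00, 0, 0 };

/* Hypothetical helper: returns 0 and the offset/length of the address slot a
 * forwarding node would overwrite, or -1 if the header fields are inconsistent
 * with each other or with the avail bytes actually received. */
int srh_next_slot(const uint8_t *hdr, size_t avail, size_t *off, size_t *len)
{
  if(hdr == NULL || avail < SRH_FIXED_LEN || hdr[2] != 3) return -1;

  size_t total = ((size_t)hdr[1] + 1u) * 8u; /* Hdr Ext Len excludes first 8 octets */
  size_t seg_left = hdr[3];
  size_t full = 16u - (hdr[4] >> 4);   /* bytes per address, CmprI elided */
  size_t last = 16u - (hdr[4] & 0x0f); /* bytes in final address, CmprE elided */
  size_t pad = hdr[5] >> 4;

  if(total > avail || pad > 7) return -1;       /* header must fit the buffer */
  size_t body = total - SRH_FIXED_LEN;
  if(body < pad + last) return -1;              /* no room for the last address */
  size_t rest = body - pad - last;
  if(rest % full != 0) return -1;               /* not a whole number of addresses */
  size_t n = rest / full + 1;                   /* address count implied by the length */
  if(seg_left == 0 || seg_left > n) return -1;  /* index would fall outside the list */

  size_t i = n - seg_left;                      /* next address to visit */
  *off = SRH_FIXED_LEN + i * full;
  *len = (i == n - 1) ? last : full;
  return (*off + *len <= total - pad) ? 0 : -1; /* slot lies inside the header */
}

int main(void)
{
  size_t off = 0, len = 0;
  int rc = srh_next_slot(sample_srh, sizeof(sample_srh), &off, &len);
  printf("rc=%d off=%zu len=%zu\n", rc, off, len);
  return 0;
}
```

A caller would perform the memcpy only when the function returns 0, using the returned offset and length rather than values taken directly from the packet.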

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2021-21257
GHSA-MVC7-9P4Q-C5CM

Affected Products

Contiki-Ng