PT-2021-14385 · Unknown · Contiki-Ng

Joakimeriksson

Published

2021-06-18

Updated

2021-06-22

CVE-2021-21279

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Contiki-NG versions prior to 4.6

Description: The issue allows an attacker to perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This can effectively shut down the operation of the system due to the cooperative scheduling used for the main parts of Contiki-NG and its communication stack.

Recommendations: For versions prior to 4.6, apply the patch for this issue out-of-band as a workaround. Update to Contiki-NG version 4.6 to resolve the issue.

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

CVE-2021-21279

GHSA-RR5J-J8M8-FC4F

Affected Products

Contiki-Ng

PT-2021-14385 · Unknown · Contiki-Ng

CVE-2021-21279

Weakness Enumeration

Related Identifiers

Affected Products

References · 4