PT-2021-14386 · Unknown · Contiki-Ng

Joakimeriksson

Published

2021-06-18

Updated

2021-06-22

CVE-2021-21280

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Contiki-NG versions prior to 4.6

Description: The issue affects Contiki-NG, an open-source operating system for internet of things devices. It is possible to cause an out-of-bounds write when transmitting a 6LoWPAN packet with a chain of extension headers. The written header is not checked to be within the available space, making it possible to write outside the buffer.

Recommendations: For versions prior to 4.6, apply the patch for this issue out-of-band as a workaround. For versions prior to 4.6, update to Contiki-NG 4.6 to resolve the issue.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-21280

GHSA-R768-HRHF-V592

Affected Products

Contiki-Ng

PT-2021-14386 · Unknown · Contiki-Ng

CVE-2021-21280

Weakness Enumeration

Related Identifiers

Affected Products

References · 5