CVE-2021-21410

Name of the Vulnerable Software and Affected Versions Contiki-NG versions 4.6 and prior

Description An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG. The IPv6 header decompression function (uncompress hdr iphc) does not perform proper boundary checks when reading from the packet buffer, allowing the construction of a compressed 6LoWPAN packet that reads more bytes than available from the packet buffer.

Recommendations For Contiki-NG versions 4.6 and prior, users can apply the patch for this issue out-of-band as a workaround. At the moment, there is no information about a newer version that contains a fix for this vulnerability.