PT-2022-10093 · Unknown · Contiki-Ng

Joakimeriksson · Published 2022-08-04 · Updated 2022-08-10 · CVE-2021-32771

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Contiki-NG versions prior to 4.7

Description

Contiki-NG is an open-source, cross-platform operating system for IoT devices. A buffer overflow can occur when copying an IPv6 address prefix in the RPL-Classic implementation. To trigger this issue, the Contiki-NG system must have joined an RPL DODAG, and then an attacker can send a DAO packet with a Target option containing a prefix length larger than 128 bits.

Recommendations

For versions prior to 4.7, update to Contiki-NG 4.7 or apply the patch in Contiki-NG PR #1615 to resolve the issue. As a temporary workaround, consider restricting the ability to send DAO packets with large prefix lengths until the patch is applied.
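
The bounds check that the description implies, shown as an added example (not Contiki-NG's code and not the patch from PR #1615): a stand-alone parser for an RPL Target option laid out as in RFC 6550, which rejects a prefix length above 128 bits before copying. The names `parse_target_option` and `ipv6_addr_t` and the sample byte arrays are hypothetical and constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RPL_OPTION_TARGET 0x05   /* RFC 6550 Target option type */
#define IPV6_ADDR_BITS    128

typedef struct { uint8_t u8[16]; } ipv6_addr_t;   /* hypothetical type */

/* Constructed samples: a valid /64 target, and one claiming 255 bits. */
const uint8_t sample_ok[] = { 0x05, 10, 0, 64, 0xfd, 0, 0, 0, 0, 0, 0, 1 };
const uint8_t sample_bad[36] = { 0x05, 34, 0, 255 };

/*
 * Parse one RPL Target option:
 *   opt[0] type, opt[1] option length (bytes after this field),
 *   opt[2] flags, opt[3] prefix length in bits, opt[4..] target prefix.
 * Returns 0 and fills *prefix / *prefix_bits, or -1 if malformed.
 * Hypothetical helper, not a Contiki-NG function.
 */
int
parse_target_option(const uint8_t *opt, size_t avail,
                    ipv6_addr_t *prefix, uint8_t *prefix_bits)
{
  if(avail < 4 || opt[0] != RPL_OPTION_TARGET) {
    return -1;
  }
  size_t opt_len = opt[1];
  if(opt_len < 2 || opt_len + 2 > avail) {
    return -1;                        /* option runs past the packet */
  }
  uint8_t bits = opt[3];
  if(bits > IPV6_ADDR_BITS) {
    return -1;                        /* the condition in this advisory */
  }
  size_t nbytes = (bits + 7u) / 8u;   /* at most 16 after the check above */
  if(nbytes > opt_len - 2) {
    return -1;                        /* prefix bytes missing from option */
  }
  memset(prefix, 0, sizeof(*prefix));
  memcpy(prefix->u8, &opt[4], nbytes);
  *prefix_bits = bits;
  return 0;
}

int main(void)
{
  ipv6_addr_t p; uint8_t bits;
  return parse_target_option(sample_bad, sizeof(sample_bad), &p, &bits) == -1 ? 0 : 1;
}
```

Without the `bits > IPV6_ADDR_BITS` check, a 255-bit prefix length would make `nbytes` 32 and the copy would write past the 16-byte destination.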

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2021-32771
GHSA-JQJF-V7V9-XP6W

Affected Products

Contiki-Ng