PT-2022-23144 · Unknown · Contiki-Ng

Joakimeriksson · Published 2022-09-01 · Updated 2022-09-07 · CVE-2022-36052

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Contiki-NG versions prior to 4.8

Description: The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer without checking if the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. This can cause an out-of-bounds read beyond the packet buffer. The issue affects devices running Contiki-NG that may receive 6LoWPAN packets from external parties.

Recommendations: For Contiki-NG versions prior to 4.8, update to Contiki-NG version 4.8 to resolve the issue. As a temporary workaround, consider restricting the reception of 6LoWPAN packets from external parties until the update is applied.
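
The missing check from the Description, as an added example in C (not Contiki-NG's code or its actual patch): a parser that decodes a UDP header only when all 8 bytes fit between the offset and the end of the received buffer. The names `udp_fields`, `udp_hdr_parse` and `sample_pkt` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UDP_HDR_LEN 8u /* fixed UDP header size (RFC 768) */

/* Hypothetical decoded header; not Contiki-NG's own structure. */
struct udp_fields {
  uint16_t srcport, destport, length, checksum;
};

/* Read a big-endian 16-bit field byte by byte (no alignment assumptions). */
static uint16_t rd16(const uint8_t *p)
{
  return (uint16_t)((p[0] << 8) | p[1]);
}

/* Decode a UDP header located at `offset` in a received buffer of
 * `buf_len` bytes. Returns 0 on success, or -1 if a full header does
 * not fit, in which case nothing is read from `buf`. */
int udp_hdr_parse(const uint8_t *buf, size_t buf_len, size_t offset,
                  struct udp_fields *out)
{
  if(buf == NULL || out == NULL) {
    return -1;
  }
  /* Subtraction form: `offset + UDP_HDR_LEN > buf_len` could wrap around. */
  if(offset > buf_len || buf_len - offset < UDP_HDR_LEN) {
    return -1;
  }
  const uint8_t *p = buf + offset;
  out->srcport = rd16(p);
  out->destport = rd16(p + 2);
  out->length = rd16(p + 4);
  out->checksum = rd16(p + 6);
  return 0;
}

/* Constructed sample: 4 placeholder bytes, then a UDP header
 * (source and destination port 5683, length 8, checksum 0). */
static const uint8_t sample_pkt[] = {
  0x00, 0x00, 0x00, 0x00,
  0x16, 0x33, 0x16, 0x33, 0x00, 0x08, 0x00, 0x00
};

int main(void)
{
  struct udp_fields f;
  printf("full header: %d\n", udp_hdr_parse(sample_pkt, sizeof(sample_pkt), 4, &f));
  printf("truncated:   %d\n", udp_hdr_parse(sample_pkt, sizeof(sample_pkt) - 1, 4, &f));
  return 0;
}
```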

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2022-36052
GHSA-VWR8-6MQV-X7F5

Affected Products

Contiki-Ng