CVE-2022-36053

Name of the Vulnerable Software and Affected Versions Contiki-NG versions prior to 4.8

Description The low-power IPv6 network stack of Contiki-NG has a buffer module that processes IPv6 extension headers in incoming data packets. The function uipbuf get next header casts a pointer to a uip ext hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Due to a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. With a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer.

Recommendations For versions prior to 4.8, update to Contiki-NG 4.8 to fix the issue. As a temporary workaround, consider restricting the processing of IPv6 extension headers in incoming data packets until the patch is applied.