CVE-2022-36054

Name of the Vulnerable Software and Affected Versions Contiki-NG (affected versions not specified)

Description The 6LoWPAN implementation in the Contiki-NG operating system contains an input function that processes incoming packets and copies them into a packet buffer. Due to a missing length check in the input function, it is possible to write outside the packet buffer's boundary. The issue can be exploited by sending either an unfragmented packet or the first fragment of a fragmented packet to a Contiki-NG system. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.