PT-2023-19071 · Unknown · Contiki-Ng
Published: 2023-01-25 · Updated: 2023-02-07
CVE-2023-23609
CVSS v3.1: 8.2 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions
Contiki-NG versions prior to and including 4.8
Description
The issue is an out-of-bounds write in the BLE-L2CAP module of Contiki-NG, an open-source operating system for IoT devices. The module handles packet fragmentation up to the configured MTU size. When fragments are reassembled, they are stored in a packet buffer without verifying that the buffer is large enough, which can lead to an out-of-bounds write of up to 1152 bytes in the default configuration.
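The missing check described above, as an added example (not code from Contiki-NG or from pull request #2254): a simplified reassembler that bounds every fragment by both the announced SDU length and the capacity of the buffer it is copied into. The names `reasm_first` and `reasm_next` and the sizes 128 and 1280 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative sizes (assumptions, not read from the Contiki-NG source). */
#define REASM_BUF_SIZE 128u   /* capacity of the reassembly buffer */
#define L2CAP_MTU      1280u  /* largest SDU length a peer may announce */
enum reasm_status { REASM_MORE, REASM_DONE, REASM_DROP };

struct reasm {
  uint8_t buf[REASM_BUF_SIZE];
  uint16_t sdu_len; /* announced total length; 0 means no SDU in progress */
  uint16_t cur_len; /* bytes stored so far; invariant: cur_len <= sdu_len */
};

/* Continuation fragment: copy only if it fits the announced SDU. */
enum reasm_status reasm_next(struct reasm *r, const uint8_t *data, size_t len)
{
  if(r->sdu_len == 0 || len > (size_t)(r->sdu_len - r->cur_len)) {
    r->sdu_len = r->cur_len = 0; /* abandon the SDU, write nothing */
    return REASM_DROP;
  }
  memcpy(r->buf + r->cur_len, data, len);
  r->cur_len = (uint16_t)(r->cur_len + len);
  return r->cur_len == r->sdu_len ? REASM_DONE : REASM_MORE;
}

/* First fragment: 2-byte little-endian SDU length, then payload. */
enum reasm_status reasm_first(struct reasm *r, const uint8_t *frame, size_t len)
{
  r->sdu_len = r->cur_len = 0;
  if(len < 2) return REASM_DROP;
  uint16_t sdu = (uint16_t)(frame[0] | (frame[1] << 8));
  /* An MTU check alone is not enough: the SDU must also fit the buffer. */
  if(sdu == 0 || sdu > L2CAP_MTU || sdu > sizeof(r->buf)) return REASM_DROP;
  r->sdu_len = sdu;
  return reasm_next(r, frame + 2, len - 2);
}

int main(void)
{
  struct reasm r;
  uint8_t ok[] = { 4, 0, 'a', 'b' }, rest[] = { 'c', 'd' }; /* constructed */
  uint8_t big[] = { 0x00, 0x05, 'x' }; /* constructed: announces 1280 bytes */
  int a = reasm_first(&r, ok, sizeof ok);
  int b = reasm_next(&r, rest, sizeof rest);
  int c = reasm_first(&r, big, sizeof big);
  printf("%d %d %d\n", a, b, c); /* MORE, DONE, DROP */
  return 0;
}
```

Because `sdu_len` is capped at the buffer size when the first fragment arrives, the per-fragment comparison against `sdu_len - cur_len` is sufficient to keep every `memcpy` inside `buf`.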
Recommendations
For versions prior to and including 4.8, apply the patch in Contiki-NG pull request #2254 to fix the issue.
As a temporary workaround, consider restricting the use of the BLE-L2CAP module until the patch is applied.
Exploit
Fix
Memory Corruption
Affected Products
Contiki-Ng