PT-2023-22773 · Unknown · Contiki-Ng
Joakimeriksson
Published: 2023-04-26
Updated: 2023-05-09
CVE-2023-30546
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Contiki-NG versions 4.8 and prior
Description
An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system. The problem exists in the Contiki File System (CFS) backend for the storage of data, specifically in the file os/storage/antelope/storage-cfs.c. In the functions storage_get_index and storage_put_index, a buffer for merging two strings is allocated with one byte less than the maximum size of the merged strings, causing subsequent function calls to the cfs_open function to read from memory beyond the buffer size.
Recommendations
For Contiki-NG versions 4.8 and prior, apply the patch in Contiki-NG pull request #2425 as a workaround to fix the issue.
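The sizing error in the description, shown as an added example that is not Contiki-NG code and not the patch from the pull request: a buffer that holds two maximum-length strings but not the terminating NUL, next to the correctly sized one, with a merge helper that rejects a result that does not fit. NAME_LEN, the two size macros and both function names are hypothetical, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical limit for this example: longest name component, without NUL. */
#define NAME_LEN 16
/* Off-by-one sizing: holds both components but not the terminating NUL. */
#define MERGED_SIZE_SHORT (2 * NAME_LEN)
/* Correct sizing: both components plus the terminating NUL. */
#define MERGED_SIZE_OK (2 * NAME_LEN + 1)

/* Merge a and b into dst. Returns 0 on success, -1 if the result
 * (including its NUL) does not fit, so dst is never left unterminated. */
int merge_names(char *dst, size_t dst_size, const char *a, const char *b)
{
  int n = snprintf(dst, dst_size, "%s%s", a, b);
  if (n < 0 || (size_t)n >= dst_size) {
    if (dst_size > 0) {
      dst[0] = '\0';
    }
    return -1;
  }
  return 0;
}

/* Build two maximum-length components (constructed input) and try to
 * merge them into a buffer of buf_size bytes. */
int try_max_length_merge(size_t buf_size)
{
  char a[NAME_LEN + 1], b[NAME_LEN + 1], merged[MERGED_SIZE_OK];

  if (buf_size > sizeof(merged)) {
    return -1;
  }
  memset(a, 'r', NAME_LEN);
  a[NAME_LEN] = '\0';
  memset(b, 'a', NAME_LEN);
  b[NAME_LEN] = '\0';
  return merge_names(merged, buf_size, a, b);
}

int main(void)
{
  printf("short buffer: %d\n", try_max_length_merge(MERGED_SIZE_SHORT));
  printf("sized buffer: %d\n", try_max_length_merge(MERGED_SIZE_OK));
  return 0;
}
```

With unchecked copying the short buffer would be left without a terminator, which is what lets a later string consumer read past its end; the length check turns that case into an error return.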
Exploit
Fix
Out of bounds Read
Affected Products
Contiki-Ng