PT-2023-24672 · Unknown · Contiki-Ng

Ampaschal +2 · Published 2023-06-14 · Updated 2023-06-23 · CVE-2023-34101

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Contiki-NG versions prior to 4.9

Description

The issue arises when the Contiki-NG OS processes ICMP DAO packets in the dao_input_storing function without verifying that the packet buffer is sufficiently large, leading to potential out-of-bounds reads of up to 16 bytes. An attacker can exploit this by truncating an ICMP packet, causing the system to access data beyond the buffer's bounds.

Recommendations

For Contiki-NG versions prior to 4.9, apply the changes in Contiki-NG pull request #2435 to patch the system. For version 4.9 and later, no action is required as the issue is expected to be resolved in this release.
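
The kind of length check the description says was missing, shown as an added example (not Contiki-NG's code and not the change in pull request #2435). It assumes the DAO base object layout from RFC 6550; the names dao_fields and dao_parse are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RPL DAO base object layout per RFC 6550, section 6.4.1. */
#define DAO_BASE_LEN     4     /* InstanceID, flags, reserved, sequence */
#define DAO_D_FLAG       0x40  /* set when a 16-byte DODAGID follows */
#define DAO_DODAGID_LEN  16

/* Hypothetical result type for this example, not a Contiki-NG structure. */
struct dao_fields {
  uint8_t instance_id;
  uint8_t flags;
  uint8_t sequence;
  int has_dodagid;
  uint8_t dodagid[DAO_DODAGID_LEN];
  size_t options_offset;       /* where RPL options start in the payload */
};

/*
 * Parse the DAO base object from an ICMPv6 payload of `len` bytes.
 * Returns 0 on success, -1 if the payload is truncated. Every read is
 * preceded by a check against `len`, so a short packet is dropped
 * instead of being read past its end.
 */
int dao_parse(const uint8_t *buf, size_t len, struct dao_fields *out)
{
  size_t pos = 0;

  if(buf == NULL || out == NULL || len < DAO_BASE_LEN) {
    return -1;
  }
  memset(out, 0, sizeof(*out));
  out->instance_id = buf[pos++];
  out->flags = buf[pos++];
  pos++;                       /* reserved byte */
  out->sequence = buf[pos++];

  if(out->flags & DAO_D_FLAG) {
    /* Compare remaining bytes rather than computing pos + 16. */
    if(len - pos < DAO_DODAGID_LEN) {
      return -1;
    }
    memcpy(out->dodagid, buf + pos, DAO_DODAGID_LEN);
    out->has_dodagid = 1;
    pos += DAO_DODAGID_LEN;
  }
  out->options_offset = pos;
  return 0;
}
```

The same pattern applies to each option that follows the base object: compare the remaining length against the option's declared size before reading any of its fields.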

Exploit

Fix

Weakness Enumeration

Out of bounds Read

Related Identifiers

CVE-2023-34101
GHSA-FP66-FF6X-7W2W

Affected Products

Contiki-Ng