CVE-2023-37281

Name of the Vulnerable Software and Affected Versions Contiki-NG versions 4.9 and prior

Description Contiki-NG is an operating system for internet-of-things devices. The issue arises during IPHC header decompression when processing IPv6 header fields. Specifically, the system fails to check if the received packet buffer contains enough data before decompressing the IPv6 address, allowing up to 16 bytes to be read out of bounds. This is due to the statement memcpy(&ipaddr->u8[16 - postcount], iphc ptr, postcount);, where the value of postcount can be controlled by an attacker based on the address compression used in the received packet. As a result, an attacker can inject a packet that causes an out-of-bound read.

Recommendations For Contiki-NG versions 4.9 and prior, as a temporary workaround, apply the changes in Contiki-NG pull request #2509 to patch the system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.