PT-2023-3546 · Unknown · Contiki-Ng
Joakimeriksson · Published 2023-06-09 · Updated 2023-06-21 · CVE-2023-34100
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Contiki-NG versions prior to 4.9
Description
The issue is related to a buffer overflow in the os/net/ipv6/uip6.c component of Contiki-NG, an open-source operating system for IoT devices. This occurs when handling the Maximum Segment Size (MSS) parameter values from incoming packets. The problem arises because the system does not verify that certain buffer indices are within the bounds of the IPv6 packet buffer, uip_buf, leading to a 2-byte read out of bounds. This can be exploited by a remote attacker to cause a denial of service.
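The class of check the description says was missing, shown as an added example: this is not Contiki-NG code and not the patch in the referenced commit. The function name, return codes and sample byte arrays are hypothetical and constructed for illustration; every index is validated against the received length before the option's length byte or its two MSS value bytes are read.

```c
#include <stddef.h>
#include <stdint.h>

#define TCP_OPT_END     0
#define TCP_OPT_NOOP    1
#define TCP_OPT_MSS     2
#define TCP_OPT_MSS_LEN 4
#define MSS_NONE (-1)   /* no MSS option present */
#define MSS_BAD  (-2)   /* option would read past the received data */

/* Constructed samples: a complete MSS option (value 1460) and one cut
 * off after its length byte, so the two value bytes are missing. */
const uint8_t sample_ok[]  = { TCP_OPT_NOOP, TCP_OPT_MSS, 4, 0x05, 0xb4 };
const uint8_t sample_cut[] = { TCP_OPT_NOOP, TCP_OPT_MSS, 4 };

/* Returns the MSS (0..65535), MSS_NONE or MSS_BAD. */
int parse_mss(const uint8_t *pkt, size_t pkt_len, size_t opt_off, size_t opt_len)
{
  /* The option area length is derived from a header field of the incoming
   * packet, so clamp it to what was actually received before indexing. */
  if(opt_off > pkt_len || opt_len > pkt_len - opt_off) {
    return MSS_BAD;
  }
  size_t i = opt_off, end = opt_off + opt_len;
  while(i < end) {
    uint8_t kind = pkt[i];
    if(kind == TCP_OPT_END) {
      return MSS_NONE;
    }
    if(kind == TCP_OPT_NOOP) {
      i++;
      continue;
    }
    if(end - i < 2) {          /* the length byte itself must be in bounds */
      return MSS_BAD;
    }
    uint8_t len = pkt[i + 1];
    if(len < 2 || len > end - i) {   /* stalled loop or overrunning option */
      return MSS_BAD;
    }
    if(kind == TCP_OPT_MSS) {
      if(len != TCP_OPT_MSS_LEN) {
        return MSS_BAD;
      }
      /* pkt[i+2] and pkt[i+3] lie inside [i, i+len), which is <= end. */
      return (pkt[i + 2] << 8) | pkt[i + 3];
    }
    i += len;
  }
  return MSS_NONE;
}
```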
Recommendations
For Contiki-NG versions prior to 4.9, upgrade to version 4.9 when it becomes available to resolve the issue. As a temporary workaround, consider manually patching with the diff in commit cde4e9839. There are no other workarounds aside from this manual patching.
Exploit
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Contiki-Ng