CVE-2023-29001

Name of the Vulnerable Software and Affected Versions Contiki-NG (affected versions not specified)

Description The Contiki-NG operating system has an issue with its IPv6 implementation, specifically in the processing of source routing headers (SRH) in its two alternative RPL protocol implementations. This can lead to uncontrolled recursion in the tcpip ipv6 output function when receiving a packet with a next-hop address that is a local address, potentially causing a stack overflow. Attackers who can send IPv6 packets to the Contiki-NG host can trigger this issue. There are no known workarounds for this issue.

Recommendations To resolve the issue, users are advised to either apply the patch manually from Contiki-NG pull request #2264 or wait for the next release of Contiki-NG, which is expected to include the fix. As a temporary workaround, consider restricting access to the tcpip ipv6 output function in the os/net/ipv6/tcpip.c module until a patch is available.