CVE-2023-48229

Name of the Vulnerable Software and Affected Versions Contiki-NG (affected versions not specified)

Description An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The issue is triggered when parsing radio frames in the read frame function in the arch/cpu/nrf/net/nrf-ieee-driver-arch.c module. The read frame function performs an incomplete validation of the payload length of the packet, which can be set by an external party. Although the value is validated to be in the range of the MTU length, it is not validated to fit into the given buffer into which the packet will be copied.

Recommendations As a temporary workaround, consider manually applying the changes in PR #2741 until a patch is available. Update the develop branch or update to a subsequent release when available to resolve the issue. Users unable to upgrade should consider applying the above workaround to minimize the risk of exploitation.