CVE-2023-50927

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Contiki-NG versions prior to 4.9

Description The issue is caused by insufficient control of the lengths for DIO and DAO messages, particularly when they contain RPL sub-option headers, allowing an attacker to trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system.

Recommendations For versions prior to 4.9, upgrade to Contiki-NG 4.9 to resolve the issue. For users unable to upgrade, manually apply the code changes in PR #2484 as a temporary workaround.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2023-50927

GHSA-9423-RGJ4-WJFW

Affected Products

Contiki-Ng

CVE-2023-50927

Weakness Enumeration

Related Identifiers

Affected Products

References · 8