PT-2024-32463 · Unknown · Contiki-Ng

Nfip · Published 2024-11-27 · Updated 2024-11-27 · CVE-2024-47181

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Contiki-NG versions prior to the next release after 4.9

Description

The issue is an unaligned memory access in the Contiki-NG operating system, specifically in its two RPL implementations. It can be triggered when an IPv6 packet contains an odd number of padding bytes before the RPL option, which causes the rpl_ext_header_hbh_update function to read a 16-bit integer from an odd address. The impact of this unaligned read is architecture-dependent, but it can potentially cause the system to crash.

Recommendations

For versions prior to the next release after 4.9, apply the changes in Contiki-NG pull request #2962 to patch the system, or wait for the next release. As a temporary workaround, consider restricting the use of the RPL implementations until a patch is available.
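The condition in the description, as an added example that is neither Contiki-NG's code nor the change in pull request #2962: a Hop-by-Hop option walker that reads the RPL option's 16-bit SenderRank byte by byte, so the read is valid at any address. The function names and sample headers are constructed for illustration; the option layout and the type value 0x63 are assumed from RFC 6553.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_PAD1 0x00
#define OPT_PADN 0x01  /* ordinary TLV, skipped by the generic length step */
#define OPT_RPL  0x63  /* RPL option type, assumed from RFC 6553 */

/* Alignment-safe big-endian 16-bit load: two byte reads, no uint16_t cast. */
static uint16_t load_be16(const uint8_t *p) {
  return (uint16_t)((p[0] << 8) | p[1]);
}

/* Walk the options of a Hop-by-Hop header (hbh points at Next Header).
 * Returns the byte offset of the RPL option and stores SenderRank in *rank,
 * or returns -1 if the option is absent or a TLV runs past the buffer. */
int find_rpl_sender_rank(const uint8_t *hbh, size_t len, uint16_t *rank) {
  size_t i = 2;                          /* skip Next Header, Hdr Ext Len */
  while (i < len) {
    if (hbh[i] == OPT_PAD1) { i++; continue; }  /* Pad1: single byte */
    if (i + 2 > len) return -1;
    size_t dlen = hbh[i + 1];
    if (i + 2 + dlen > len) return -1;
    if (hbh[i] == OPT_RPL) {
      if (dlen < 4) return -1;           /* flags, instance ID, 2-byte rank */
      *rank = load_be16(&hbh[i + 4]);    /* i + 4 may be an odd offset */
      return (int)i;
    }
    i += 2 + dlen;
  }
  return -1;
}

/* Constructed sample headers (not captured traffic).
 * hbh_even: RPL option at offset 2, SenderRank at even offset 6.
 * hbh_odd:  one Pad1 byte first, so SenderRank sits at odd offset 7. */
const uint8_t hbh_even[8] = {0x3a, 0x00, 0x63, 0x04, 0x00, 0x1e, 0x01, 0x80};
const uint8_t hbh_odd[16] = {0x3a, 0x01, 0x00, 0x63, 0x04, 0x00, 0x1e, 0x01,
                             0x80, 0x01, 0x05, 0, 0, 0, 0, 0};

int main(void) {
  uint16_t rank = 0;
  int off = find_rpl_sender_rank(hbh_odd, sizeof hbh_odd, &rank);
  printf("RPL option at offset %d, SenderRank %u\n", off, (unsigned)rank);
  return 0;
}
```

A cast such as `*(uint16_t *)&hbh[i + 4]` in place of `load_be16` would be the unaligned read the description refers to when the padding is odd.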

Exploit

Fix

Incorrect Type Conversion or Cast

Weakness Enumeration

Related Identifiers

CVE-2024-47181
GHSA-CRJW-X84H-H6X3

Affected Products

Contiki-Ng