CVE-2021-28362

{"id": "CVE-2021-28362", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-03-24T14:15:14.173", "references": [{"url": "https://github.com/contiki-os/contiki/releases", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.kb.cert.org/vuls/id/815128", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-191"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. This is related to rpl-ext-header.c."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Contiki versiones hasta 3.0. Cuando se env\u00eda un mensaje de error ICMPv6 debido a opciones de encabezado de extensi\u00f3n no v\u00e1lidas en un paquete IPv6 entrante, se intenta eliminar los encabezados de extensi\u00f3n RPL. Debido a que la longitud del paquete y la longitud del encabezado de extensi\u00f3n no est\u00e1n marcadas (con respecto a los datos disponibles) en esta etapa, y estas variables son susceptibles de subdesbordamiento de enteros, es posible construir un encabezado de extensi\u00f3n no v\u00e1lido que causar\u00e1 problemas de corrupci\u00f3n de memoria y conllevar\u00e1 a una condici\u00f3n de denegaci\u00f3n de servicio. Esto est\u00e1 relacionado con el archivo rpl-ext-header.c"}], "lastModified": "2021-03-26T21:10:44.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:contiki-os:contiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBD2BE71-F851-4136-816D-EF61154FD2C4", "versionEndIncluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}