CVE-2022-36054

{"id": "CVE-2022-36054", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.6}]}, "published": "2022-09-01T12:15:10.387", "references": [{"url": "https://github.com/contiki-ng/contiki-ng/pull/1648", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer's boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker."}, {"lang": "es", "value": "Contiki-NG es un sistema operativo de c\u00f3digo abierto y multiplataforma para dispositivos IoT de Pr\u00f3xima Generaci\u00f3n. La implementaci\u00f3n de 6LoWPAN en el sistema operativo Contiki-NG (archivo os/net/ipv6/sicslowpan.c) contiene una funci\u00f3n de entrada que procesa los paquetes entrantes y los copia en un b\u00fafer de paquetes. Debido a una falta de comprobaci\u00f3n de longitud en la funci\u00f3n de entrada, es posible escribir fuera de l\u00edmites del b\u00fafer de paquetes. La vulnerabilidad puede ser explotada por cualquiera que tenga la posibilidad de enviar paquetes 6LoWPAN a un sistema Contiki-NG. En particular, la vulnerabilidad queda expuesta cuando es enviado cualquiera de los dos tipos de paquetes 6LoWPAN: un paquete no fragmentado o el primer fragmento de un paquete fragmentado. Si el paquete es lo suficientemente grande, una copia de memoria posterior causar\u00e1 una escritura fuera de l\u00edmites con los datos suministrados por el atacante"}], "lastModified": "2022-09-07T15:08:05.903", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8753C87C-46B4-467B-9598-30E562D5CB38", "versionEndExcluding": "4.8"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}