CVE-2023-34100

Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using 'UIP_IPTCPH_LEN + 2 + c' and 'UIP_IPTCPH_LEN + 3 + c', but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in release 4.9. Users are advised to watch for the 4.9 release and to upgrade when it becomes available. There are no workarounds for this vulnerability aside from manually patching with the diff in commit `cde4e9839`.
Configurations

Configuration 1 (hide)

cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*

History

21 Jun 2023, 13:18

Type Values Removed Values Added
First Time Contiki-ng
Contiki-ng contiki-ng
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CPE cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*
References (MISC) https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-3v7c-jq9x-cmph - (MISC) https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-3v7c-jq9x-cmph - Third Party Advisory
References (MISC) https://github.com/contiki-ng/contiki-ng/pull/2434/commits/cde4e98398a2f5b994972c8459342af3ba93b98e - (MISC) https://github.com/contiki-ng/contiki-ng/pull/2434/commits/cde4e98398a2f5b994972c8459342af3ba93b98e - Patch

09 Jun 2023, 18:33

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-09 18:15

Updated : 2023-12-10 15:01


NVD link : CVE-2023-34100

Mitre link : CVE-2023-34100

CVE.ORG link : CVE-2023-34100


JSON object : View

Products Affected

contiki-ng

  • contiki-ng
CWE
CWE-125

Out-of-bounds Read