Contiki Ng
CVE-2022-41873
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up the corresponding channel structure in get_channel_for_cid (in os/net/mac/ble/ble-l2cap.c), a bounds check is performed on the incoming channel ID, which is meant to ensure that the channel ID does not exceed the maximum number of supported channels.However, an integer truncation issue leads to only the lowest byte of the channel ID to be checked, which leads to an incomplete out-of-bounds check. A crafted channel ID leads to out-of-bounds memory to be read and written with attacker-controlled data. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. As a workaround, Users can apply the patch in Contiki-NG pull request 2081 on GitHub.
AnalysisAI
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up the corresponding channel structure in get_channel_for_cid (in os/net/mac/ble/ble-l2cap.c), a bounds check is performed on the incoming channel ID, which is meant to ensure that the channel ID does not exceed the maximum number of supported channels.However, an integer truncation issue leads to only the lowest byte of the channel ID to be checked, which leads to an incomplete out-of-bounds check. A crafted channel ID leads to out-of-bounds memory to be read and written with attacker-controlled data. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. As a workaround, Users can apply the patch in Contiki-NG pull request 2081 on GitHub. Affected products include: Contiki-Ng. Version information: prior to 4.9.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
More in Contiki Ng
View allAn issue was discovered in the MQTT server in Contiki-NG before 4.2. Rated critical severity (CVSS 10.0), this vulnerabi
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. Rated critical severity (C
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function.
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Rated critical severity (CVSS 9.8), t
contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can
Memory access out of buffer boundaries issues was discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/deco
The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message han
Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. Rated critical sever
Contiki-NG is an open-source, cross-platform operating system for IoT devices. Rated critical severity (CVSS 9.8), this
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. Rated critical severity (C
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. Rated critical severity (C
An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. Rated critical severity (CVSS 9.8), this vuln
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today