Infinite loop in IPv6 neighbor solicitation processing

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In verions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of attack can effectively shut down the operation of the system because of the cooperative scheduling used for the main parts of Contiki-NG and its communication stack. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

不可达退出条件的循环(无限循环)

Contiki-NG 安全漏洞

Contiki-NG是一套用于下一代IoT（物联网）设备的开源跨平台操作系统。 Contiki-NG 存在安全漏洞，该漏洞源于在4.6之前的版本中，通过在处理IPv6邻居请求(neighbor solicitation, NS)消息时触发无限循环来执行拒绝服务攻击。攻击者可利用该漏洞有效地关闭系统的运行。

N/A

N/A