Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Buffer overflow in contiki-ng
Vulnerability Description
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have joined an RPL DODAG. After that, an attacker can send a DAO packet with a Target option that contains a prefix length larger than 128 bits. The problem was fixed after the release of Contiki-NG 4.7. Users unable to upgrade may apply the patch in Contiki-NG PR #1615.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Vulnerability Title
Contiki-NG 安全漏洞
Vulnerability Description
Contiki-NG是一套用于下一代IoT(物联网)设备的开源跨平台操作系统。 Contiki-NG 4.7及以前的版本存在安全漏洞,该漏洞源于攻击者在RPL-Classic实现中复制IPv6地址前缀时,可能会导致缓冲区溢出。触发该漏洞的前提是Contiki-NG系统必须加入RPL DODAG。在此之后,攻击者可以发送一个带有Target选项的DAO包(其中包含大于128位的前缀长度)。
CVSS Information
N/A
Vulnerability Type
N/A