Uncontrolled recursion due to insufficient validation of the IPv6 source routing header in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming packet should be forwarded to another host. Because of missing validation of the resulting next-hop address, an uncontrolled recursion may occur in the tcpip_ipv6_output function in the os/net/ipv6/tcpip.c module when receiving a packet with a next-hop address that is a local address. Attackers that have the possibility to send IPv6 packets to the Contiki-NG host can therefore trigger deeply nested recursive calls, which can cause a stack overflow. The vulnerability has not been patched in the current release of Contiki-NG, but is expected to be patched in the next release. The problem can be fixed by applying the patch in Contiki-NG pull request #2264. Users are advised to either apply the patch manually or to wait for the next release. There are no known workarounds for this vulnerability.

N/A

未经控制的递归

Contiki-NG 安全漏洞

Contiki-NG是Contiki-NG开源的一个适用于物联网中资源受限设备的操作系统。 Contiki-NG 4.9及之前版本存在安全漏洞，该漏洞源于缺少对下一跳地址的有效验证，可能产生非受控递归，使得攻击者能够通过发送特定IPv6数据包触发深层嵌套的递归调用，从而造成栈溢出。

N/A

N/A