Impact
Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read.
The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, uip_buf, are not checked for going out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO).
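The following added example (not code from Contiki-NG and not the patch in PR #1654) shows the checks an option walker needs before reading the 2-byte option header and the SLLAO body. The function name `nd6_find_sllao`, its parameters and the sample byte arrays are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define ND6_OPT_HDR_LEN 2 /* type byte + length byte (length in 8-byte units) */
#define ND6_OPT_SLLAO   1 /* Source Link-Layer Address Option type, RFC 4861 */

/* Constructed sample option areas (not captured traffic). */
static const uint8_t opt_ok[]       = { 1, 1, 0x02, 0x00, 0x5e, 0x10, 0x00, 0x01 };
static const uint8_t opt_second[]   = { 14, 1, 0, 0, 0, 0, 0, 0,
                                        1, 1, 0x02, 0x00, 0x5e, 0x10, 0x00, 0x01 };
static const uint8_t opt_overlong[] = { 1, 2, 0x02, 0x00, 0x5e, 0x10, 0x00, 0x01 };
static const uint8_t opt_zero_len[] = { 1, 0, 0x02, 0x00, 0x5e, 0x10, 0x00, 0x01 };

/*
 * Hypothetical helper: find the SLLAO in buf[off..len) and return a pointer to
 * its lladdr_len address bytes, or NULL if the option is absent or malformed.
 * len is the number of received bytes, not the capacity of the buffer.
 */
const uint8_t *
nd6_find_sllao(const uint8_t *buf, size_t len, size_t off, size_t lladdr_len)
{
  while(off < len) {
    size_t remaining = len - off;
    size_t opt_len;

    if(remaining < ND6_OPT_HDR_LEN) {
      return NULL; /* the 2-byte option header itself is truncated */
    }
    opt_len = (size_t)buf[off + 1] * 8;
    if(opt_len == 0 || opt_len > remaining) {
      return NULL; /* zero length never advances; overlong runs past the data */
    }
    if(buf[off] == ND6_OPT_SLLAO) {
      if(opt_len < ND6_OPT_HDR_LEN + lladdr_len) {
        return NULL; /* option too short to hold the link-layer address */
      }
      return &buf[off + ND6_OPT_HDR_LEN];
    }
    off += opt_len; /* skip an option we do not handle */
  }
  return NULL;
}
```

The length passed in must be the amount of data actually received, since a check against the buffer's capacity would still allow reads of stale bytes past the end of the packet.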
Patches
The problem has been patched in the develop branch of Contiki-NG. The upcoming 4.8 release of Contiki-NG will include the patch.
Workarounds
Users can apply the patch in Contiki-NG PR #1654.
For more information
If you have any questions or comments about this advisory: