One Article Review
| Source |  CVE Liste |
|---|---|
| Identifiant | 6666259 |
| Date de publication | 2022-09-01 12:15:10 (vue: 2022-09-01 15:06:50) |
| Titre | CVE-2022-36054 |
| Texte | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer's boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker. |
| Notes | |
| Envoyé | Oui |
| Condensat | 2022 36054 6lowpan anyone attacker because boundary bounds buffer can cause check contains contiki copies copy cross cve data devices either exploited exposed file first fragment fragmented function generation has implementation incoming input iot large length memory missing next open operating os/net/ipv6/sicslowpan out outside packet packets packets: particular platform possibility possible processes send sending source subsequent sufficiently supplied system them two types unfragmented vulnerability when who will write |
| Tags | Vulnerability |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.