CVE-2023-50927 Insufficient boundary checks for DIO and DAO messages in RPL-Lite in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for...

CVE-2023-34101 Contiki-NG vulnerable to out-of-bounds read when processing ICMP DAO input

Contiki-NG is an operating system for internet of things devices. In version 4.8 and prior, when processing ICMP DAO packets in the daoinputstoring function, the Contiki-NG OS does not verify that the packet buffer is big enough to contain the bytes it needs before accessing them. Up to 16 bytes...

PT-2023-24672 · Unknown · Contiki-Ng

Name of the Vulnerable Software and Affected Versions: Contiki-NG versions prior to 4.9 Description: The issue arises when the Contiki-NG OS processes ICMP DAO packets in the dao input storing function without verifying that the packet buffer is sufficiently large, leading to potential...