3 matches found
CVE-2022-35927 Unverified DIO prefix info lengths in RPL-Classic in Contiki-NG
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option DIO control message can contain a prefix information option with a length parameter. The value...
CVE-2022-35927 Unverified DIO prefix info lengths in RPL-Classic in Contiki-NG
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option DIO control message can contain a prefix information option with a length parameter. The value...
CVE-2022-35927
Contiki-NG: The RPL-Classic implementation accepts DIO messages with a DIO prefix information option whose length is not validated, enabling a buffer overflow in set_ip_from_prefix. Affected: Contiki-NG versions prior to 4.7 that can receive external DIOs. Impact: potential memory corruption lead...