3 matches found
CVE-2023-34100 Out-of-Bounds Read in contiki-ng
Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uipbuf. In particular, there is...
CVE-2023-34100 Out-of-Bounds Read in contiki-ng
Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uipbuf. In particular, there is...
CVE-2023-34100
Contiki-NG vulnerability CVE-2023-34100 causes a 2-byte out-of-bounds read in the IPv6/TCP MSS handling (uip6.c) when reading the MSS option, due to unsafe buffer indexing in uip_buf. The issue is triggered by indexing UIP_IPTCPH_LEN + 2 + c and UIP_IPTCPH_LEN + 3 + c beyond available data. Conti...