3 matches found
CVE-2023-37281
Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done...
CVE-2023-37281 Out-of-bounds read during IPHC address decompression
Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done...
CVE-2023-37281
CVE-2023-37281 affects Contiki-NG (versions ≤ 4.9) where IPHC header decompression lacks a bounds check before decoding the IPv6 address. An attacker-controlled value (postcount) can trigger an out-of-bounds read via the line memcpy(&ipaddr->u8[16 - postcount], iphc_ptr, postcount);, enabling ...