Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2022-35927

Published: 04/08/2022 Updated: 11/08/2022
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Contiki-ng

Vulnerability Summary

Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length parameter. The value of the length parameter is not validated, however, and it is possible to cause a buffer overflow when copying the prefix in the set_ip_from_prefix function. This vulnerability affects anyone running a Contiki-NG version before 4.7 that can receive RPL DIO messages from external parties. To obtain a patched version, users should upgrade to Contiki-NG 4.7 or later. There are no workarounds for this issue.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

contiki-ng contiki-ng

References

CWE-120https://github.com/contiki-ng/contiki-ng/pull/1589/commits/4fffab0e632c4d01910fa957d1fd9ef321eb87d2https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9rm9-3phh-p4wmhttps://github.com/contiki-ng/contiki-ng/pull/1589https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525CVE-2024-4652CVE-2024-1438CVE-2024-4671CVE-2024-34351arbitrary CVE-2024-4650SQL injectionoverflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook