Uncontrolled Recursion Risk: Stack Overflow Vulnerability in Contiki-NG
Contiki-NG is an open-source, cross-platform operating system for IoT devices. It processes source routing headers (SRH) in its two RPL protocol implementations, and the IPv6 stack uses the result to decide whether a packet should be forwarded to another host. The resulting next-hop address is not validated adequately. When a packet arrives whose next-hop address is a local address, the tcpip_ipv6_output function in os/net/ipv6/tcpip.c can recurse without bound. An attacker who can send IPv6 packets can make the function call itself many times, causing a stack overflow.

The issue is not yet fixed in the latest Contiki-NG release, but it is expected to be fixed in the next one. The fix is in Contiki-NG pull request #2264. Users should apply this patch themselves or wait for the next release. No fix other than this patch is known.
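A simplified C model of this recursion and of a next-hop check that stops it, added here as an illustration. It is not Contiki-NG code and not the patch from pull request #2264; every name, the sample address and the depth budget are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Simplified model of the flaw class; NOT Contiki-NG code. All names are hypothetical. */
#define STACK_BUDGET 64 /* stand-in for the small stack of an embedded device */

typedef struct { uint8_t b[16]; } ip6_addr;
typedef struct { ip6_addr srh_next_hop; } packet; /* next hop derived from the SRH */
typedef enum { SENT_ON_LINK, DROPPED, STACK_EXHAUSTED } verdict;

/* Constructed sample address for this node. */
static const ip6_addr node_addr = {{0xfd, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}};

static bool is_local(const ip6_addr *a) {
  return memcmp(a->b, node_addr.b, sizeof a->b) == 0;
}

static verdict model_input(const packet *p, bool validate, int depth);

/* Output path: traffic for a local address is looped back into input processing. */
static verdict model_output(const packet *p, const ip6_addr *dst, bool validate, int depth) {
  if (depth >= STACK_BUDGET) return STACK_EXHAUSTED; /* a real stack would overflow */
  if (!is_local(dst)) return SENT_ON_LINK;
  return model_input(p, validate, depth + 1);
}

/* Input path: SRH processing yields a next hop and the packet is forwarded to it. */
static verdict model_input(const packet *p, bool validate, int depth) {
  if (validate && is_local(&p->srh_next_hop)) return DROPPED; /* the missing check */
  return model_output(p, &p->srh_next_hop, validate, depth);
}

verdict forward_unchecked(const packet *p) { return model_input(p, false, 0); }
verdict forward_checked(const packet *p) { return model_input(p, true, 0); }

/* Build a constructed packet whose SRH next hop ends in the byte `last`. */
packet make_packet(uint8_t last) {
  packet p;
  p.srh_next_hop = node_addr;
  p.srh_next_hop.b[15] = last;
  return p;
}

int main(void) {
  packet looping = make_packet(1); /* next hop equals the node's own address */
  return forward_checked(&looping) == DROPPED ? 0 : 1;
}
```

In the model the depth counter only makes the unbounded call chain observable; the defence is rejecting a local next hop before the packet re-enters the output path.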