CVE-2023-50926
Vulnerability from cvelistv5
Published: 2024-02-14 19:28
Modified: 2024-08-02 22:23
Summary
Unvalidated DIO prefix info length in RPL-Lite in Contiki-NG
References
Impacted products
Vendor | Product | Version
---|---|---
contiki-ng | contiki-ng | <= 4.9
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "lessThanOrEqual": "4.9", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-50926", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T18:20:51.715274Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T18:23:16.224Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T22:23:44.103Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jp4p-fq85-jch2", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jp4p-fq85-jch2" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2721", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2721" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "contiki-ng", "vendor": "contiki-ng", "versions": [ { "status": "affected", "version": "\u003c= 4.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message contains a field that specifies the length of an IPv6 address prefix. 
The value of this field is not validated, which means that an attacker can set a value that is longer than the maximum prefix length. Subsequently, a memcmp function call that compares different prefixes can be called with a length argument that surpasses the boundary of the array allocated for the prefix, causing an out-of-bounds read. The problem has been patched in the \"develop\" branch of Contiki-NG, and is expected to be included in the next release. Users are advised to update as soon as they are able to or to manually apply the changes in Contiki-NG pull request #2721." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-14T19:28:11.556Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jp4p-fq85-jch2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jp4p-fq85-jch2" }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/2721", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/contiki-ng/contiki-ng/pull/2721" } ], "source": { "advisory": "GHSA-jp4p-fq85-jch2", "discovery": "UNKNOWN" }, "title": "Unvalidated DIO prefix info length in RPL-Lite in Contiki-NG" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-50926", "datePublished": "2024-02-14T19:28:11.556Z", "dateReserved": 
"2023-12-15T20:57:23.174Z", "dateUpdated": "2024-08-02T22:23:44.103Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-50926\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-02-14T20:15:45.163\",\"lastModified\":\"2024-02-15T06:23:39.303\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message contains a field that specifies the length of an IPv6 address prefix. The value of this field is not validated, which means that an attacker can set a value that is longer than the maximum prefix length. Subsequently, a memcmp function call that compares different prefixes can be called with a length argument that surpasses the boundary of the array allocated for the prefix, causing an out-of-bounds read. The problem has been patched in the \\\"develop\\\" branch of Contiki-NG, and is expected to be included in the next release. Users are advised to update as soon as they are able to or to manually apply the changes in Contiki-NG pull request #2721.\"},{\"lang\":\"es\",\"value\":\"Contiki-NG es un sistema operativo multiplataforma de c\u00f3digo abierto para dispositivos IoT de pr\u00f3xima generaci\u00f3n. Una lectura fuera de los l\u00edmites puede deberse a un mensaje DIO entrante cuando se utiliza la implementaci\u00f3n RPL-Lite en el sistema operativo Contiki-NG. M\u00e1s espec\u00edficamente, la informaci\u00f3n de prefijo del mensaje DIO contiene un campo que especifica la longitud de un prefijo de direcci\u00f3n IPv6. 
El valor de este campo no est\u00e1 validado, lo que significa que un atacante puede establecer un valor que sea mayor que la longitud m\u00e1xima del prefijo. Posteriormente, se puede llamar a una funci\u00f3n memcmp que compara diferentes prefijos con un argumento de longitud que supera el l\u00edmite de la matriz asignada para el prefijo, lo que provoca una lectura fuera de los l\u00edmites. El problema ha sido solucionado en la rama \\\"desarrollo\\\" de Contiki-NG y se espera que se incluya en la pr\u00f3xima versi\u00f3n. Se recomienda a los usuarios que actualicen tan pronto como puedan o que apliquen manualmente los cambios en la solicitud de extracci\u00f3n n.\u00b0 2721 de Contiki-NG.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"references\":[{\"url\":\"https://github.com/contiki-ng/contiki-ng/pull/2721\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jp4p-fq85-jch2\",\"source\":\"security-advisories@github.com\"}]}}" } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.