CVE-2023-37281
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2023-37281 is a vulnerability in Contiki-NG, an open-source operating system for internet-of-things devices. In versions 4.9 and earlier, the 6LoWPAN IPHC header decompression code lacks an out-of-bounds check for the IPv6 address fields. An attacker who can inject crafted 6LoWPAN frames whose address fields claim more inline address bytes (the `postcount`) than the frame actually carries can trigger an out-of-bounds read of up to 16 bytes. The direct result is disclosure of memory adjacent to the packet buffer, with potential for further compromise of the device depending on what that memory holds. At the time of writing no release containing the fix is available; the recommended workaround is to apply the changes from Contiki-NG pull request #2509.
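The following is an added illustration, not Contiki-NG source code: a reduced model of how a 6LoWPAN IPHC decoder (RFC 6282) rebuilds an IPv6 address from the fe80::/64 prefix plus `postcount` bytes carried inline in the packet. It shows the decoder once without the length check (the class of bug described above) and once with the single comparison that fixes it. The function names, the constructed frames and the 0xAA-filled arena are hypothetical; only the mapping from the 2-bit SAM/DAM address mode to the number of inline bytes follows RFC 6282.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not Contiki-NG source. Model of IPHC address
 * decompression: address = fe80::/64 prefix + `postcount` inline bytes.
 * Names, frames and the 0xAA arena below are hypothetical. */

#define ADDR_LEN 16

/* Inline address bytes implied by a 2-bit SAM/DAM field with stateless
 * compression, per RFC 6282: 00 -> 16, 01 -> 8, 10 -> 2, 11 -> 0. */
unsigned iphc_postcount(unsigned mode)
{
    static const unsigned inline_bytes[4] = {16, 8, 2, 0};
    return inline_bytes[mode & 0x3];
}

/* Bytes by which a read of `postcount` at offset `pos` would run past the
 * end of a `pkt_len`-byte packet; 0 means the read is in bounds. */
size_t iphc_overread(size_t pkt_len, size_t pos, unsigned postcount)
{
    size_t end = pos + postcount;
    return end > pkt_len ? end - pkt_len : 0;
}

/* fe80:: with all non-inline bytes zero. (The model omits the
 * 0000:00ff:fe00 filler RFC 6282 inserts for the 2-byte mode.) */
static void init_link_local(uint8_t out[ADDR_LEN])
{
    memset(out, 0, ADDR_LEN);
    out[0] = 0xfe;
    out[1] = 0x80;
}

/* VULNERABLE: trusts the address mode. Returns the new read offset. When
 * the packet is shorter than pos + postcount, memcpy pulls whatever follows
 * the packet in memory (up to 16 bytes) into the address. */
int uncompress_addr_unchecked(uint8_t out[ADDR_LEN], const uint8_t *pkt,
                              size_t pos, unsigned postcount)
{
    init_link_local(out);
    memcpy(out + ADDR_LEN - postcount, pkt + pos, postcount); /* no pkt_len check */
    return (int)(pos + postcount);
}

/* HARDENED: one comparison before the copy. Returns the new read offset,
 * or -1 to tell the caller to drop the packet. */
int uncompress_addr_checked(uint8_t out[ADDR_LEN], const uint8_t *pkt,
                            size_t pkt_len, size_t pos, unsigned postcount)
{
    if (postcount > ADDR_LEN || iphc_overread(pkt_len, pos, postcount) != 0)
        return -1;
    init_link_local(out);
    memcpy(out + ADDR_LEN - postcount, pkt + pos, postcount);
    return (int)(pos + postcount);
}

/* Constructed attacker frame: 2-byte IPHC base header (0x78 0x00) whose SAM
 * bits (bits 5-4 of the second byte) are 00, claiming a full 16-byte source
 * address inline, followed by only 4 bytes of payload. */
static const uint8_t TRUNCATED_FRAME[] = {0x78, 0x00, 0x11, 0x22, 0x33, 0x44};
#define TRUNCATED_LEN (sizeof TRUNCATED_FRAME)
#define BASE_HDR_LEN  2

/* Run the truncated frame through the vulnerable decoder inside a 64-byte
 * arena filled with 0xAA (standing in for neighbouring packets or other
 * data). Returns how many address bytes came from beyond the frame. */
unsigned leaked_bytes_unchecked(void)
{
    uint8_t arena[64];
    memset(arena, 0xAA, sizeof arena);
    memcpy(arena, TRUNCATED_FRAME, TRUNCATED_LEN);

    unsigned sam = (TRUNCATED_FRAME[1] >> 4) & 0x3;
    uint8_t addr[ADDR_LEN];
    uncompress_addr_unchecked(addr, arena, BASE_HDR_LEN, iphc_postcount(sam));

    unsigned leaked = 0;
    for (int i = 0; i < ADDR_LEN; i++)
        if (addr[i] == 0xAA) leaked++;
    return leaked;
}

/* Same frame through the hardened decoder: -1, the packet is dropped. */
int result_checked_truncated(void)
{
    uint8_t addr[ADDR_LEN];
    unsigned sam = (TRUNCATED_FRAME[1] >> 4) & 0x3;
    return uncompress_addr_checked(addr, TRUNCATED_FRAME, TRUNCATED_LEN,
                                   BASE_HDR_LEN, iphc_postcount(sam));
}

/* Well-formed frame: SAM = 01 (8 inline bytes) and exactly 8 payload bytes.
 * Returns the new offset (10) if decoding succeeded and the last inline byte
 * landed in addr[15], otherwise -1. */
int result_checked_valid(void)
{
    static const uint8_t frame[] = {0x78, 0x10, 1, 2, 3, 4, 5, 6, 7, 8};
    uint8_t addr[ADDR_LEN];
    unsigned sam = (frame[1] >> 4) & 0x3;
    int pos = uncompress_addr_checked(addr, frame, sizeof frame,
                                      BASE_HDR_LEN, iphc_postcount(sam));
    return (pos > 0 && addr[0] == 0xfe && addr[15] == 8) ? pos : -1;
}

int main(void)
{
    printf("unchecked decoder: %u address bytes read past the frame\n", leaked_bytes_unchecked());
    printf("checked decoder, truncated frame: %d\n", result_checked_truncated());
    printf("checked decoder, valid frame: %d\n", result_checked_valid());
    return 0;
}
```

The point of the arena is that an out-of-bounds read on a small IoT device is rarely a crash: the packet buffer is usually followed by other live data, so the over-read bytes come back to the attacker as part of a decompressed address (for example in a reply or a routing message). The fix costs one comparison per address field; when reviewing a backport of pull request #2509, check that both the source and destination address paths get it.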
Affected Products
- Contiki-NG
Affected Vendors
- Adam Dunkels