CVSS Score of 10 (low)


Published Sep 15, 2023
Updated: Sep 19, 2023
CWE ID 125


CVE-2023-37281 is a vulnerability in the Contiki-NG operating system for internet-of-things devices. Versions 4.9 and earlier are affected. The vulnerability allows an attacker to inject a packet that causes an out-of-bounds read, potentially leading to unauthorized access or information disclosure. The issue arises from a lack of bounds checking when decompressing IPv6 addresses, allowing up to 16 bytes to be read out of bounds. As of now, there is no patched version available, but a workaround can be implemented by applying the changes in Contiki-NG pull request #2509. The vulnerability has been rated as medium severity with a CVSS score of 5.3, indicating a moderate level of risk.
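The class of check whose absence is described above, as an added example: this is not Contiki-NG code and not the change in pull request #2509. The `pkt_cursor` type, the function names and the sample frame are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IPV6_ADDR_LEN 16

/* Hypothetical cursor over a received frame; not a Contiki-NG type. */
struct pkt_cursor {
  const uint8_t *buf;  /* start of the received bytes */
  size_t len;          /* number of valid bytes in buf */
  size_t pos;          /* next unread byte */
};

/*
 * Rebuild a 16-byte IPv6 address from `prefix` plus `inline_len` bytes
 * carried in the packet. Returns 0 on success, -1 if the header asks for
 * more bytes than the frame holds. Without the two checks, a truncated
 * frame that claims a full inline address makes the second memcpy read
 * up to 16 bytes past the end of the buffer.
 */
int decompress_addr(uint8_t out[IPV6_ADDR_LEN],
                    const uint8_t prefix[IPV6_ADDR_LEN],
                    struct pkt_cursor *c, size_t inline_len)
{
  if(inline_len > IPV6_ADDR_LEN) {
    return -1;                       /* malformed length */
  }
  if(c->pos > c->len || inline_len > c->len - c->pos) {
    return -1;                       /* truncated frame: refuse to read */
  }
  memcpy(out, prefix, IPV6_ADDR_LEN - inline_len);
  memcpy(out + (IPV6_ADDR_LEN - inline_len), c->buf + c->pos, inline_len);
  c->pos += inline_len;
  return 0;
}

/* Constructed sample: 8 inline bytes requested, frame holds `avail` (<= 8). */
int demo(size_t avail, uint8_t out[IPV6_ADDR_LEN])
{
  static const uint8_t prefix[IPV6_ADDR_LEN] = { 0xfe, 0x80 };
  static const uint8_t frame[8] = { 0x02, 0x12, 0x4b, 0xff, 0xfe, 0x00, 0x00, 0x01 };
  struct pkt_cursor c = { frame, avail, 0 };
  return decompress_addr(out, prefix, &c, 8);
}
```

Writing the length test as `inline_len > c->len - c->pos` after confirming `pos <= len` avoids the unsigned wrap-around that `c->pos + inline_len > c->len` could hit.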

