CVE-2023-50927

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 14, 2024
Updated: Jan 7, 2025
CWE ID 125

Summary

CVE-2023-50927 is a vulnerability affecting Contiki-NG, an open-source operating system for IoT devices. An out-of-bounds read issue exists in the RPL-Lite implementation of the RPL protocol. This vulnerability arises due to insufficient checks on the lengths of DIO and DAO messages containing RPL sub-option headers. An attacker can exploit this flaw to read memory outside of the intended boundaries. Users are strongly recommended to upgrade to Contiki-NG 4.9, as a patch has been released. Alternatively, users unable to upgrade can manually apply the code changes provided in PR #2484.
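
The following is an added example, not Contiki-NG code and not the patch from PR #2484. It walks RPL options in the type/length/data layout of RFC 6550 and rejects any option whose header or declared body would run past the received bytes, the class of length check the summary describes as insufficient. The function name, callback type and sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define RPL_OPT_PAD1 0x00  /* RFC 6550: one-octet option with no length field */

/* Hypothetical callback type: receives one option after it has been validated. */
typedef void (*rpl_opt_cb)(uint8_t type, const uint8_t *data, uint8_t dlen);

/* Constructed sample inputs (not captured traffic). */
static const uint8_t sample_ok[]        = { 0x00, 0x02, 0x02, 0xAA, 0xBB }; /* Pad1, then len 2 */
static const uint8_t sample_short_hdr[] = { 0x02 };             /* type octet, no length octet */
static const uint8_t sample_overrun[]   = { 0x02, 0x10, 0xAA }; /* declares 16 bytes, has 1 */

/*
 * Walk the options region of a DIO/DAO body.
 *   buf, len : received message body and its actual length
 *   off      : offset at which the base object ends and the options begin
 * Returns the number of options seen, or -1 if any option header or body
 * would extend past len (the caller should then drop the packet).
 */
int rpl_walk_options(const uint8_t *buf, size_t len, size_t off, rpl_opt_cb cb)
{
  int count = 0;

  if(buf == NULL || off > len) {
    return -1;                          /* base object itself is truncated */
  }
  while(off < len) {
    uint8_t type = buf[off];
    if(type == RPL_OPT_PAD1) {          /* single octet, no length to read */
      off += 1;
      count++;
      continue;
    }
    if(len - off < 2) {                 /* length octet is missing */
      return -1;
    }
    uint8_t dlen = buf[off + 1];
    if((size_t)dlen > len - off - 2) {  /* declared body exceeds remaining bytes */
      return -1;
    }
    if(cb != NULL) {
      cb(type, &buf[off + 2], dlen);    /* only reached after both checks pass */
    }
    off += 2 + (size_t)dlen;
    count++;
  }
  return count;
}

int main(void) { return rpl_walk_options(sample_ok, sizeof sample_ok, 0, NULL) == 2 ? 0 : 1; }
```

Both comparisons are written as subtractions from `len` so that an attacker-chosen length octet cannot cause the offset arithmetic to wrap.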
