CVE-2024-47181
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-47181 is a vulnerability affecting the Contiki-NG operating system for IoT devices. Two RPL implementations in Contiki-NG are susceptible to an unaligned memory access issue. This issue can be triggered when an IPv6 packet with an odd number of padded bytes before the RPL option is received. The result is an unaligned read of a 16-bit integer from an odd address, which can cause the system to crash. The vulnerability has not been patched in release 4.9, but the changes from Contiki-NG pull request #2962 can be applied as a temporary fix. The next Contiki-NG release will include the patch.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Contiki-NG
Affected Vendors
- Adam Dunkels