CVE-2024-47181

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 27, 2024
CWE ID 704

Summary

CVE-2024-47181 is a vulnerability affecting the Contiki-NG operating system for IoT devices. Two RPL implementations in Contiki-NG are susceptible to an unaligned memory access issue. This issue can be triggered when an IPv6 packet with an odd number of padded bytes before the RPL option is received. The result is an unaligned read of a 16-bit integer from an odd address, which can cause the system to crash. The vulnerability has not been patched in release 4.9, but the changes from Contiki-NG pull request #2962 can be applied as a temporary fix. The next Contiki-NG release will include the patch.
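The failure mode described above, sketched as an added example (this is not Contiki-NG code and not the change from pull request #2962): a hop-by-hop options parser that reads the 16-bit SenderRank field of the RPL option byte by byte, so the field's address does not need to be aligned. The function names and sample buffers are hypothetical, and the option layout assumed is the one in RFC 6553.

```c
#include <stddef.h>
#include <stdint.h>

#define OPT_PAD1 0x00 /* RFC 8200 Pad1: one byte, no length field */
#define OPT_RPL  0x63 /* RFC 6553 RPL option type */

/* Alignment-safe big-endian read: two byte loads, never a uint16_t
 * pointer dereference, so an odd address cannot fault. */
static uint16_t read_be16(const uint8_t *p)
{
  return (uint16_t)((p[0] << 8) | p[1]);
}

/* Hypothetical helper: buf points at a hop-by-hop options header.
 * Stores SenderRank in *rank; returns 0 on success, -1 otherwise. */
int rpl_sender_rank(const uint8_t *buf, size_t len, uint16_t *rank)
{
  size_t hdr_len, opt_len, i = 2;
  if(len < 2) return -1;
  hdr_len = ((size_t)buf[1] + 1) * 8; /* Hdr Ext Len counts 8-octet units */
  if(hdr_len > len) return -1;
  while(i < hdr_len) {
    if(buf[i] == OPT_PAD1) { i++; continue; }
    if(i + 2 > hdr_len) return -1;
    opt_len = buf[i + 1];
    if(i + 2 + opt_len > hdr_len) return -1;
    if(buf[i] == OPT_RPL) {
      if(opt_len < 4) return -1; /* flags, instance ID, 16-bit rank */
      *rank = read_be16(&buf[i + 4]);
      return 0;
    }
    i += 2 + opt_len;
  }
  return -1;
}

/* Constructed samples. In the second, one Pad1 byte precedes the RPL
 * option, so SenderRank sits at odd offset 7 from the header start. */
static const uint8_t hbh_even[8] = {0x3a, 0x00, 0x63, 0x04, 0x00, 0x1e, 0x01, 0x00};
static const uint8_t hbh_odd[16] = {0x3a, 0x01, 0x00, 0x63, 0x04, 0x00, 0x1e, 0x01,
                                    0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00};

int main(void)
{
  uint16_t a = 0, b = 0;
  if(rpl_sender_rank(hbh_even, sizeof(hbh_even), &a) != 0) return 1;
  if(rpl_sender_rank(hbh_odd, sizeof(hbh_odd), &b) != 0) return 1;
  return (a == 0x0100 && b == 0x0100) ? 0 : 1;
}
```

On targets that fault on unaligned halfword loads, casting `&buf[i + 4]` to `uint16_t *` and dereferencing it is the pattern that breaks for the second sample; the byte-wise read returns the same value for both.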
