Unrated severityNVD Advisory· Published Jun 18, 2021· Updated Aug 3, 2024

Out-of-bounds write when processing 6LoWPAN extension headers

CVE-2021-21280

Description

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written header is not checked to be within the available space, thereby making it possible to write outside the buffer. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.

Affected products

Xwiki Contrib/Contiki Ngv5
Range: < 4.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/contiki-ng/contiki-ng/pull/1409mitrex_refsource_MISC
github.com/contiki-ng/contiki-ng/security/advisories/GHSA-r768-hrhf-v592mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000