Vulnerability Details : CVE-2022-36053

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8.
Published 2022-09-01 12:15:10
Updated 2022-09-07 15:31:05
Source GitHub, Inc.
View at NVD,   CVE.org

Products affected by CVE-2022-36053

Exploit prediction scoring system (EPSS) score for CVE-2022-36053

EPSS FAQ
0.08%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 20 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-36053

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
8.8
 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.8
5.9
 NIST
5.9
 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1.6
4.2
 GitHub, Inc.

CWE ids for CVE-2022-36053

  • The product reads data past the end, or before the beginning, of the intended buffer.
    Assigned by: security-advisories@github.com (Primary)

References for CVE-2022-36053

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close