Home > Vulnerability Database > CVE-2022-36053

Mend.io Vulnerability Database

CVE-2022-36053

Good to know:

Date: September 1, 2022

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8.

Language: C

Severity Score

8.8

Related Resources (4)

Url: https://github.com/contiki-ng/contiki-ng/pull/1648

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-36053

Url: https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2j9c-7754-w4cw

Url: https://www.mend.io/vulnerability-database/CVE-2022-36053

Severity Score

8.8

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Top Fix

Upgrade Version

Upgrade to version release/v4.8,develop/v4.8

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-36053

Good to know:

Date: September 1, 2022

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?