CVE-2022-36053 - OpenCVE

Vendors	Products
Contiki-ng	Contiki-ng

Link	Providers
https://github.com/contiki-ng/contiki-ng/pull/1648
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2j9c-7754-w4cw

{"containers": {"cna": {"affected": [{"product": "contiki-ng", "vendor": "contiki-ng", "versions": [{"status": "affected", "version": "< 4.8"}]}], "descriptions": [{"lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-01T12:00:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2j9c-7754-w4cw"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/contiki-ng/contiki-ng/pull/1648"}], "source": {"advisory": "GHSA-2j9c-7754-w4cw", "discovery": "UNKNOWN"}, "title": "Out-of-bounds read in the uIP buffer module", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36053", "STATE": "PUBLIC", "TITLE": "Out-of-bounds read in the uIP buffer module"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "contiki-ng", "version": {"version_data": [{"version_value": "< 4.8"}]}}]}, "vendor_name": "contiki-ng"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-125: Out-of-bounds Read"}]}]}, "references": {"reference_data": [{"name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2j9c-7754-w4cw", "refsource": "CONFIRM", "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2j9c-7754-w4cw"}, {"name": "https://github.com/contiki-ng/contiki-ng/pull/1648", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/pull/1648"}]}, "source": {"advisory": "GHSA-2j9c-7754-w4cw", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:52:00.496Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2j9c-7754-w4cw"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/contiki-ng/contiki-ng/pull/1648"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36053", "datePublished": "2022-09-01T12:00:15", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.496Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*", "matchCriteriaId": "8753C87C-46B4-467B-9598-30E562D5CB38", "versionEndExcluding": "4.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8."}, {"lang": "es", "value": "Contiki-NG es un sistema operativo de c\u00f3digo abierto y multiplataforma para dispositivos IoT de Pr\u00f3xima Generaci\u00f3n. La pila de red IPv6 de bajo consumo de Contiki-NG presenta un m\u00f3dulo de b\u00fafer (os/net/ipv6/uipbuf.c) que procesa los encabezados de extensi\u00f3n IPv6 en los paquetes de datos entrantes. Como parte de este procesamiento, la funci\u00f3n uipbuf_get_next_header lanza un puntero a una estructura uip_ext_hdr en el b\u00fafer del paquete en los diferentes desplazamientos en los que es esperado encontrar las cabeceras de extensi\u00f3n, y luego lee de esta estructura. Debido a una falta de comprobaci\u00f3n de l\u00edmites, el casting puede hacerse de manera que la estructura sea extendida m\u00e1s all\u00e1 del final del paquete. Por lo tanto, con un paquete cuidadosamente dise\u00f1ado, es posible causar que el sistema Contiki-NG lea datos fuera del buffer del paquete. En Contiki-NG versi\u00f3n 4.8 es incluido un parche que corrige la vulnerabilidad"}], "id": "CVE-2022-36053", "lastModified": "2022-09-07T15:31:04.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-09-01T12:15:10.313", "references": [{"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "https://github.com/contiki-ng/contiki-ng/pull/1648"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2j9c-7754-w4cw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object