Vulnerability Description
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Contiki-Ng | Contiki-Ng | < 4.5 |
Related Weaknesses (CWE)
References
- https://github.com/contiki-ng/contiki-ng/pull/1183PatchThird Party Advisory
- https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6xf2-77gf-fgjxPatchThird Party Advisory
- https://github.com/contiki-ng/contiki-ng/pull/1183PatchThird Party Advisory
- https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6xf2-77gf-fgjxPatchThird Party Advisory
FAQ
What is CVE-2021-21282?
CVE-2021-21282 is a vulnerability with a CVSS score of 8.6 (HIGH). Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki...
How severe is CVE-2021-21282?
CVE-2021-21282 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21282?
Check the references section above for vendor advisories and patch information. Affected products include: Contiki-Ng Contiki-Ng.