Vulnerability Description
Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using 'UIP_IPTCPH_LEN + 2 + c' and 'UIP_IPTCPH_LEN + 3 + c', but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in release 4.9. Users are advised to watch for the 4.9 release and to upgrade when it becomes available. There are no workarounds for this vulnerability aside from manually patching with the diff in commit `cde4e9839`.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Contiki-Ng | Contiki-Ng | <= 4.8 |
Related Weaknesses (CWE)
References
- https://github.com/contiki-ng/contiki-ng/pull/2434/commits/cde4e98398a2f5b994972Patch
- https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-3v7c-jq9x-cmphThird Party Advisory
- https://github.com/contiki-ng/contiki-ng/pull/2434/commits/cde4e98398a2f5b994972Patch
- https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-3v7c-jq9x-cmphThird Party Advisory
FAQ
What is CVE-2023-34100?
CVE-2023-34100 is a vulnerability with a CVSS score of 7.3 (HIGH). Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indi...
How severe is CVE-2023-34100?
CVE-2023-34100 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-34100?
Check the references section above for vendor advisories and patch information. Affected products include: Contiki-Ng Contiki-Ng.