CVE-2021-28362 - An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of inva

CVE-2021-28362

Summary

An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. This is related to rpl-ext-header.c.

References

Vulnerable Configurations

cpe:2.3:o:contiki-os:contiki:-:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:-:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.0:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.0:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.1:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.1:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.2:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.2:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.2.2:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.2.2:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.2.3:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.2.3:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.3:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.3:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.4:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.4:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.5:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.5:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.6:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.6:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.7:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:2.7:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:3.0:*:*:*:*:*:*:*
cpe:2.3:o:contiki-os:contiki:3.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 26-03-2021 - 21:10)
Impact:
Exploitability:

CWE

CWE-191

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

Last major update

26-03-2021 - 21:10

Published

24-03-2021 - 14:15

Last modified

26-03-2021 - 21:10