First published: Thu Apr 23 2020
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the application. An attacker can cause a denial-of-service via a crafted 6LoWPAN frame.
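The bug class the description names, shown as an added example that is not Contiki's code: a 6LoWPAN fragment header (RFC 4944 layout) subtracted from a frame shorter than the header wraps the unsigned payload length, and the hardened variant checks length and offset before copying into the reassembly buffer. The constant names, function names and sample frames are assumptions for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fragment dispatch values and header lengths from RFC 4944. */
#define DISPATCH_FRAG1 0xc0  /* 11000xxx: first fragment, 4-byte header */
#define DISPATCH_FRAGN 0xe0  /* 11100xxx: subsequent fragment, 5-byte header */
#define FRAG1_HDR_LEN 4
#define FRAGN_HDR_LEN 5
#define REASS_BUF_SIZE 1280  /* IPv6 minimum MTU, the usual reassembly buffer size */

/* Returns the fragment header length, or 0 if the frame is not a fragment. */
static size_t frag_hdr_len(const uint8_t *frame, size_t len) {
  if (len == 0) return 0;
  if ((frame[0] & 0xf8) == DISPATCH_FRAG1) return FRAG1_HDR_LEN;
  if ((frame[0] & 0xf8) == DISPATCH_FRAGN) return FRAGN_HDR_LEN;
  return 0;
}

/* The bug class: subtracting the header from a frame shorter than the header
 * wraps the unsigned result to a huge payload length (integer underflow). */
static size_t unsafe_payload_len(const uint8_t *frame, size_t len) {
  return len - frag_hdr_len(frame, len);
}

/* Hardened: reject truncated fragments and bound offset + payload before copying. */
static uint8_t reass[REASS_BUF_SIZE];
static size_t last_payload_len;
static int feed_fragment(const uint8_t *frame, size_t len) {
  size_t hdr = frag_hdr_len(frame, len);
  if (hdr == 0 || len < hdr) return -1;          /* not a fragment, or truncated */
  size_t payload = len - hdr;                    /* cannot underflow after the check */
  size_t offset = (hdr == FRAGN_HDR_LEN) ? (size_t)frame[4] * 8 : 0; /* FRAGN offset, 8-octet units */
  if (offset > sizeof reass || payload > sizeof reass - offset) return -1;
  memcpy(reass + offset, frame + hdr, payload);
  last_payload_len = payload;
  return 0;
}

/* Constructed sample frames, not captured traffic. */
static const uint8_t truncated_fragn[2] = { 0xe0, 0x05 };  /* FRAGN header cut short */
static const uint8_t good_frag1[8] = { 0xc0, 0x40, 0x12, 0x34, 'a', 'b', 'c', 'd' }; /* size 64, tag 0x1234 */

int main(void) {
  printf("unsafe length for truncated frame: %zu\n", unsafe_payload_len(truncated_fragn, 2));
  printf("truncated rejected: %d\n", feed_fragment(truncated_fragn, 2));
  printf("good frag1 accepted: %d, payload %zu bytes\n", feed_fragment(good_frag1, 8), last_payload_len);
  return 0;
}
```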
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
Contiki-ng Contiki-ng | <=4.3 | Upgrade to Contiki-NG 4.4 or newer
Contiki-os Contiki | <=3.0 | Upgrade to Contiki 3.1 or newer
CVE-2019-9183 is a vulnerability in Contiki-NG and Contiki: an integer underflow during 6LoWPAN fragment processing leads to a buffer overflow that crashes the application.
CVE-2019-9183 has a severity level of 7.5 (high).
CVE-2019-9183 affects Contiki-NG versions up to and including 4.3, and Contiki versions up to and including 3.0.
To fix CVE-2019-9183, it is recommended to upgrade to Contiki-NG version 4.4 or newer, or Contiki version 3.1 or newer.
More information about CVE-2019-9183 can be found at the following references: [Reference 1](https://github.com/contiki-ng/contiki-ng/pull/972), [Reference 2](https://github.com/contiki-ng/contiki-ng/releases/tag/release%2Fv4.4), [Reference 3](https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf)