First published: Fri Jun 18 2021(Updated: )
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header This makes it possible for an attacker to cause out-of-bounds writes with packets injected into the network stack. Specifically, the problem lies in the rpl_ext_header_srh_update function in the two rpl-ext-header.c modules for RPL-Classic and RPL-Lite respectively. The addr_ptr variable is calculated using an unvalidated CMPR field value from the source routing header. An out-of-bounds write can be triggered on line 151 in os/net/routing/rpl-lite/rpl-ext-header.c and line 261 in os/net/routing/rpl-classic/rpl-ext-header.c, which contain the following memcpy call with addr_ptr as destination. The problem has been patched in Contiki-NG 4.6. Users can apply a patch out-of-band as a workaround.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Contiki-ng Contiki-ng | <4.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-21257 is a vulnerability in the RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6.
Contiki-NG is an open-source, cross-platform operating system for internet of things devices.
CVE-2021-21257 allows an attacker to exploit a vulnerability in the RPL source routing header, potentially compromising the security of Contiki-NG devices running versions prior to 4.6.
The severity of CVE-2021-21257 is high, with a severity value of 7.5.
To fix CVE-2021-21257, it is recommended to update the Contiki-NG operating system to version 4.6 or later.