First published: Fri Sep 15 2023(Updated: )
Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify that a full TCP header has been received. Specifically, the implementation attempts to access the flags field from the TCP buffer in the following conditional expression in the `check_for_tcp_syn` function. For this reason, an attacker can inject a truncated TCP packet, which will lead to an out-of-bound read from the packet buffer. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2510 to patch the system.
Credit: security-advisories@github.com security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Contiki-ng Contiki-ng | <=4.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-37459 is a vulnerability in the Contiki-NG operating system for internet-of-things devices, where the implementation does not verify a full TCP header before starting the periodic TCP timer for TCP packets with the SYN flag set.
The severity of CVE-2023-37459 is medium with a CVSS score of 5.3.
CVE-2023-37459 affects Contiki-NG versions 4.9 and prior.
To fix CVE-2023-37459, update to a version of Contiki-NG that is newer than 4.9.
CWE-125 is a Common Weakness Enumeration category for out-of-bounds read, which is the underlying weakness associated with CVE-2023-37459.