Contiki における整数アンダーフローの脆弱性
| Title |
Contiki における整数アンダーフローの脆弱性
|
| Summary |
Contiki には、整数アンダーフローの脆弱性が存在します。
|
| Possible impacts |
サービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution |
ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date |
March 24, 2021, midnight |
| Registration Date |
Nov. 29, 2021, 4:49 p.m. |
| Last Update |
Nov. 29, 2021, 4:49 p.m. |
|
CVSS3.0 : 重要
|
| Score |
7.5
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
CVSS2.0 : 警告
|
| Score |
5
|
| Vector |
AV:N/AC:L/Au:N/C:N/I:N/A:P |
Affected System
| Contiki プロジェクト |
|
Contiki Operating System 3.0 まで
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
その他
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2021年11月29日]
掲載 |
Nov. 29, 2021, 4:49 p.m. |
NVD Vulnerability Information
CVE-2021-28362
| Summary |
An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. This is related to rpl-ext-header.c.
|
| Publication Date |
March 24, 2021, 11:15 p.m. |
| Registration Date |
March 25, 2021, 10:03 a.m. |
| Last Update |
Nov. 21, 2024, 2:59 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:o:contiki-os:contiki:*:*:*:*:*:*:*:* |
|
3.0 |
|
|
Related information, measures and tools
Common Vulnerabilities List