CVE-2024-47181

{"id": "CVE-2024-47181", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-27T19:15:33.247", "references": [{"url": "https://github.com/contiki-ng/contiki-ng/pull/2962", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-crjw-x84h-h6x3", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-704"}]}], "descriptions": [{"lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL instance. If an IPv6 packet containing an odd number of padded bytes before the RPL option, it can cause the rpl_ext_header_hbh_update function to read a 16-bit integer from an odd address. The impact of this unaligned read is architecture-dependent, but can potentially cause the system to crash. The problem has not been patched as of release 4.9, but will be included in the next release. One can apply the changes in Contiki-NG pull request #2962 to patch the system or wait for the next release."}, {"lang": "es", "value": "Contiki-NG es un sistema operativo multiplataforma de c\u00f3digo abierto para dispositivos IoT. Se puede activar un acceso a memoria no alineado en las dos implementaciones RPL del sistema operativo Contiki-NG. El problema puede ocurrir cuando cualquiera de estas implementaciones RPL est\u00e1 habilitada y conectada a una instancia RPL. Si un paquete IPv6 contiene una cantidad impar de bytes rellenados antes de la opci\u00f3n RPL, puede provocar que la funci\u00f3n rpl_ext_header_hbh_update lea un entero de 16 bits desde una direcci\u00f3n impar. El impacto de esta lectura no alineada depende de la arquitectura, pero puede provocar que el sistema se bloquee. El problema no se ha solucionado a partir de la versi\u00f3n 4.9, pero se incluir\u00e1 en la pr\u00f3xima versi\u00f3n. Se pueden aplicar los cambios en la solicitud de incorporaci\u00f3n de cambios de Contiki-NG n.\u00b0 2962 para aplicar un parche al sistema o esperar a la pr\u00f3xima versi\u00f3n."}], "lastModified": "2025-04-10T14:49:56.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5ECE789E-8C10-42CB-BD98-A301AC471904", "versionEndIncluding": "4.9"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}