Vulnerabilities > CVE-2023-30546 - Off-by-one Error vulnerability in Contiki-Ng

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

contiki-ng

CWE-193

NVD

Published: 2023-04-26

Updated: 2023-05-09

Summary

Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the storage of data (file os/storage/antelope/storage-cfs.c). In the functions `storage_get_index` and `storage_put_index`, a buffer for merging two strings is allocated with one byte less than the maximum size of the merged strings, causing subsequent function calls to the cfs_open function to read from memory beyond the buffer size. The vulnerability has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. As a workaround, the problem can be fixed by applying the patch in Contiki-NG pull request #2425.

Vulnerable Configurations

Part	Description	Count
OS	Contiki-Ng Contiki NG Contiki NG - Contiki NG Contiki NG 2.0 Contiki NG Contiki NG 2.1 Contiki NG Contiki NG 2.2 Contiki NG Contiki NG 2.2.1 Contiki NG Contiki NG 2.2.2 Contiki NG Contiki NG 2.2.3 Contiki NG Contiki NG 2.3 Contiki NG Contiki NG 2.4 Contiki NG Contiki NG 2.5 Contiki NG Contiki NG 2.6 Contiki NG Contiki NG 2.7 Contiki NG Contiki NG 3.0 Contiki NG Contiki NG 4.0 Contiki NG Contiki NG 4.1 Contiki NG Contiki NG 4.2 Contiki NG Contiki NG 4.3 Contiki NG Contiki NG 4.4 Contiki NG Contiki NG 4.5 Contiki NG Contiki NG 4.6 Contiki NG Contiki NG 4.7 Contiki NG Contiki NG 4.8	23

Common Weakness Enumeration (CWE)

CWE-193 - Off-by-one Error

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References