CVE-2023-37281

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 15, 2023
Updated: Sep 19, 2023
CWE ID 125

Summary

CVE-2023-37281 is a vulnerability affecting Contiki-NG, an operating system used in internet-of-things devices. In versions 4.9 and below, the IPHC header decompression process lacks a crucial out-of-bounds check for IPv6 addresses. An attacker can exploit this by injecting specially crafted packets containing manipulated `postcount` values, leading to an out-of-bounds read of up to 16 bytes. This issue can result in information disclosure and potential system compromise. As of now, a patched version is unavailable. A recommended workaround is to apply the changes in Contiki-NG pull request #2509.
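To make the missing check concrete, the following is an added, self-contained model of an IPHC-style address decompression step. It is illustrative code written for this page, not Contiki-NG's implementation and not the fix from pull request #2509; the `packet_t` type, the function names and the sample bytes are all assumptions. The idea it models: a 16-byte IPv6 address is rebuilt from a context prefix plus `postcount` bytes carried inline in the packet, so if `postcount` is trusted without comparing it to the bytes actually remaining in the packet buffer, the copy reads past the end of the buffer by up to 16 bytes. `uncompress_addr_checked` adds the bound; `unchecked_overread_bytes` computes how far an unchecked copy would read beyond the buffer without performing that read.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IPV6_ADDR_LEN 16

/* Hypothetical cursor over a received packet (constructed for this example). */
typedef struct {
    const uint8_t *buf;   /* start of packet data */
    size_t len;           /* total bytes in the packet */
    size_t pos;           /* current decode offset */
} packet_t;

/*
 * Rebuild a 16-byte address from `prefcount` prefix bytes (from context) and
 * `postcount` inline bytes taken from the packet at the current position.
 * Returns 0 on success, -1 if the counts are inconsistent with a 16-byte
 * address or if reading `postcount` bytes would run past the packet end.
 * On failure the address buffer is left untouched and nothing is consumed.
 */
int uncompress_addr_checked(uint8_t addr[IPV6_ADDR_LEN],
                            const uint8_t *prefix, size_t prefcount,
                            size_t postcount, packet_t *pkt)
{
    /* Sanity of the field counts against the fixed address size. */
    if (prefcount > IPV6_ADDR_LEN || postcount > IPV6_ADDR_LEN ||
        prefcount + postcount > IPV6_ADDR_LEN) {
        return -1;
    }
    /* The check that matters here: compare the attacker-influenced count
       with the bytes actually remaining in the packet buffer. */
    if (pkt->pos > pkt->len || postcount > pkt->len - pkt->pos) {
        return -1;
    }

    memset(addr, 0, IPV6_ADDR_LEN);
    memcpy(addr, prefix, prefcount);                               /* prefix at the front */
    memcpy(addr + IPV6_ADDR_LEN - postcount, pkt->buf + pkt->pos, postcount); /* suffix at the back */
    pkt->pos += postcount;
    return 0;
}

/*
 * How many bytes an unchecked copy of `postcount` inline bytes would read
 * beyond the end of the packet. 0 means the copy stays inside the buffer.
 * This only does arithmetic; it never touches memory outside the buffer.
 */
size_t unchecked_overread_bytes(const packet_t *pkt, size_t postcount)
{
    size_t remaining = (pkt->pos <= pkt->len) ? pkt->len - pkt->pos : 0;
    return (postcount > remaining) ? postcount - remaining : 0;
}
```

The second function is the kind of quantity a reviewer or fuzzer harness wants to see: with only 4 bytes left in the packet and a `postcount` of 16, an unchecked copy reads 12 bytes of adjacent memory, which is exactly the information-disclosure path the summary describes, while the checked variant refuses the packet and leaves the address buffer unchanged.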
