CVE-2023-50927

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Feb 14, 2024

Updated: Feb 15, 2024

CWE ID 125

Summary

CVE-2023-50927 is a vulnerability affecting the Contiki-NG operating system for IoT devices. This open-source, cross-platform OS has an issue with the RPL-Lite implementation of the RPL protocol, which can lead to out-of-bounds reads. The root cause is insufficient validation of message lengths, particularly when dealing with RPL sub-option headers. Attackers can exploit this vulnerability to trigger reads beyond intended memory boundaries. To mitigate the risk, users are advised to upgrade to Contiki-NG 4.9, or manually apply the code changes from PR #2484 if an upgrade isn't possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t0Yf-k
https://www.cve.org/CVERecord?id=CVE-2023-50927
https://nvd.nist.gov/vuln/detail/CVE-2023-50927

Back to Vulnerability Database

CVE-2023-50927

CVSS 3.1 Score 8.6 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations