CVE-2023-50927
- Source
- https://cve.org/CVERecord?id=CVE-2023-50927
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50927.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-50927
- Aliases
-
- GHSA-9423-rgj4-wjfw
- Published
- 2024-02-14T19:22:05.243Z
- Modified
- 2026-04-10T05:05:42.282791Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
- Summary
- Insufficient boundary checks for DIO and DAO messages in RPL-Lite in Contiki-NG
- Details
-
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for DIO and DAO messages, in particular when they contain RPL sub-option headers. The problem has been patched in Contiki-NG 4.9. Users are advised to upgrade. Users unable to upgrade should manually apply the code changes in PR #2484.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/50xxx/CVE-2023-50927.json", "cwe_ids": [ "CWE-125" ], "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/contiki-ng/contiki-ng
Affected versions
2.*
2.0
2.1
2.2
2.2.1
2.2.2
2.2.3
2.3
2.4
2.5-release
2.6
2.6-rc0
develop/v3.*
develop/v3.x-fork
develop/v4.*
develop/v4.0
Other
fork
old/v2.*
old/v2.0
old/v2.1
old/v2.2
old/v2.2.1
old/v2.2.2
old/v2.2.3
old/v2.3
old/v2.4
old/v2.6
release/v4.*
release/v4.0
release/v4.1
release/v4.2
release/v4.3
release/v4.4
release/v4.5
release/v4.6
release/v4.7
release/v4.8