Uncontrolled Recursion Affecting contiki-os/contiki package, versions [0,]


Severity

high

CVSS assessment made by Snyk's Security Team.

Threat Intelligence

EPSS
0.04% (11th percentile)

  • Snyk ID: SNYK-UNMANAGED-CONTIKIOSCONTIKI-8442257
  • published: 28 Nov 2024
  • disclosed: 27 Nov 2024
  • credit: Tobias Scharnowski, Simon Wörner, Diff-fusion

Introduced: 27 Nov 2024

CVE-2023-29001
CWE-674

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

Affected versions of this package are vulnerable to Uncontrolled Recursion through the tcpip_ipv6_output function in the os/net/ipv6/tcpip.c module. An attacker can cause a stack overflow by sending IPv6 packets with a next-hop address that is a local address.

Note: This is only exploitable if the attacker has the capability to send IPv6 packets directly to the host.
