CVE-2023-23609 - OpenCVE

Vendors	Products
Contiki-ng	Contiki-ng

Link	Resource
https://github.com/contiki-ng/contiki-ng/pull/2254	Patch Third Party Advisory
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qr4q-6h3m-h3g7	Patch Third Party Advisory

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-23609", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-01-16T17:07:46.241Z", "datePublished": "2023-01-25T06:15:34.128Z"}, "containers": {"cna": {"title": "contiki-ng BLE-L2CAP contains Improper size validation of L2CAP frames", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qr4q-6h3m-h3g7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qr4q-6h3m-h3g7"}, {"name": "https://github.com/contiki-ng/contiki-ng/pull/2254", "tags": ["x_refsource_MISC"], "url": "https://github.com/contiki-ng/contiki-ng/pull/2254"}], "affected": [{"vendor": "contiki-ng", "product": "contiki-ng", "versions": [{"version": "<= 4.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-01-25T06:15:34.128Z"}, "descriptions": [{"lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation Layer Protocol (BLE-L2CAP) module handles fragmentation of packets up the configured MTU size. When fragments are reassembled, they are stored in a packet buffer of a configurable size, but there is no check to verify that the packet buffer is large enough to hold the reassembled packet. In Contiki-NG's default configuration, it is possible that an out-of-bounds write of up to 1152 bytes occurs. The vulnerability has been patched in the \"develop\" branch of Contiki-NG, and will be included in release 4.9. The problem can be fixed by applying the patch in Contiki-NG pull request #2254 prior to the release of version 4.9."}], "source": {"advisory": "GHSA-qr4q-6h3m-h3g7", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*", "matchCriteriaId": "729B4607-C6BD-42DE-91BF-918A57D29A77", "versionEndIncluding": "4.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation Layer Protocol (BLE-L2CAP) module handles fragmentation of packets up the configured MTU size. When fragments are reassembled, they are stored in a packet buffer of a configurable size, but there is no check to verify that the packet buffer is large enough to hold the reassembled packet. In Contiki-NG's default configuration, it is possible that an out-of-bounds write of up to 1152 bytes occurs. The vulnerability has been patched in the \"develop\" branch of Contiki-NG, and will be included in release 4.9. The problem can be fixed by applying the patch in Contiki-NG pull request #2254 prior to the release of version 4.9."}, {"lang": "es", "value": "Contiki-NG es un sistema operativo multiplataforma de c\u00f3digo abierto para dispositivos IoT de pr\u00f3xima generaci\u00f3n. Las versiones anteriores a la 4.8 incluida son vulnerables a una escritura fuera de los l\u00edmites que puede ocurrir en el m\u00f3dulo BLE-L2CAP. El m\u00f3dulo Bluetooth de baja energ\u00eda: protocolo de capa de adaptaci\u00f3n y control de enlace l\u00f3gico (BLE-L2CAP) maneja la fragmentaci\u00f3n de paquetes hasta el tama\u00f1o de MTU configurado. Cuando se vuelven a ensamblar los fragmentos, se almacenan en un b\u00fafer de paquetes de un tama\u00f1o configurable, pero no se verifica que el b\u00fafer de paquetes sea lo suficientemente grande para contener el paquete reensamblado. En la configuraci\u00f3n predeterminada de Contiki-NG, es posible que se produzca una escritura fuera de los l\u00edmites de hasta 1152 bytes. La vulnerabilidad ha sido parcheada en la rama \"desarrollo\" de Contiki-NG y se incluir\u00e1 en la versi\u00f3n 4.9. El problema se puede solucionar aplicando el parche en la solicitud de extracci\u00f3n #2254 de Contiki-NG antes del lanzamiento de la versi\u00f3n 4.9."}], "id": "CVE-2023-23609", "lastModified": "2023-02-07T19:59:57.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-01-26T21:18:14.100", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/contiki-ng/contiki-ng/pull/2254"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-qr4q-6h3m-h3g7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

JSON object

JSON object

JSON object