CVE-2023-31129— Contiki-NG 代码问题漏洞

Contiki-NG missing NULL pointer check in IPv6 neighbor discovery

The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND protocol includes a message type called Router Solicitation (RS), which is used to locate routers and update their address information via the SLLAO (Source Link-Layer Address Option). If the indicated source address changes, a given neighbor entry is set to the STALE state. The message handler does not check for RS messages with an SLLAO that indicates a link-layer address change that a neighbor entry can actually be created for the indicated address. The resulting pointer is used without a check, leading to the dereference of a NULL pointer of type `uip_ds6_nbr_t`. The problem has been patched in the `develop` branch of Contiki-NG, and will be included in the upcoming 4.9 release. As a workaround, users can apply Contiki-NG pull request #2271 to patch the problem directly.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

空指针解引用

Contiki-NG 代码问题漏洞

Contiki-NG是一套用于下一代IoT（物联网）设备的开源跨平台操作系统。 Contiki-NG 4.8及之前版本存在代码问题漏洞，该漏洞源于消息处理程序不会检查带有 SLLAO 的 RS 消息，SLLAO 指示链路层地址更改，实际上可以为指示的地址创建邻居条目，结果指针在没有检查的情况下使用，导致取消引用类型为 uip_ds6_nbr_t 的 NULL 指针。

N/A

N/A