{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-48229", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-13T13:25:18.481Z", "datePublished": "2024-02-14T18:30:31.708Z", "dateUpdated": "2024-08-02T21:23:39.188Z"}, "containers": {"cna": {"title": "Out-of-bounds write in the radio driver for Contiki-NG nRF platforms", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2"}, {"name": "https://github.com/contiki-ng/contiki-ng/pull/2741", "tags": ["x_refsource_MISC"], "url": "https://github.com/contiki-ng/contiki-ng/pull/2741"}], "affected": [{"vendor": "contiki-ng", "product": "contiki-ng", "versions": [{"version": "<= 4.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-14T18:30:31.708Z"}, "descriptions": [{"lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be set by an external party that sends radio packets to a Contiki-NG system. Although the value is validated to be in the range of the MTU length, it is not validated to fit into the given buffer into which the packet will be copied. The problem has been patched in the \"develop\" branch of Contiki-NG and is expected to be included in subsequent releases. Users are advised to update their develop branch or to update to a subsequent release when available. Users unable to upgrade should consider manually applying the changes in PR #2741."}], "source": {"advisory": "GHSA-rcwv-xwc9-5hp2", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-48229", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-21T20:42:28.790349Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:27:39.833Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:23:39.188Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2"}, {"name": "https://github.com/contiki-ng/contiki-ng/pull/2741", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/contiki-ng/contiki-ng/pull/2741"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2", "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/contiki-ng/contiki-ng/pull/2741", "name": "https://github.com/contiki-ng/contiki-ng/pull/2741", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:23:39.188Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-48229", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-21T20:42:28.790349Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:12.624Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Out-of-bounds write in the radio driver for Contiki-NG nRF platforms", "source": {"advisory": "GHSA-rcwv-xwc9-5hp2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "contiki-ng", "product": "contiki-ng", "versions": [{"status": "affected", "version": "<= 4.9"}]}], "references": [{"url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2", "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/contiki-ng/contiki-ng/pull/2741", "name": "https://github.com/contiki-ng/contiki-ng/pull/2741", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be set by an external party that sends radio packets to a Contiki-NG system. Although the value is validated to be in the range of the MTU length, it is not validated to fit into the given buffer into which the packet will be copied. The problem has been patched in the \"develop\" branch of Contiki-NG and is expected to be included in subsequent releases. Users are advised to update their develop branch or to update to a subsequent release when available. Users unable to upgrade should consider manually applying the changes in PR #2741."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-14T18:30:31.708Z"}}}, "cveMetadata": {"cveId": "CVE-2023-48229", "state": "PUBLISHED", "dateUpdated": "2024-08-02T21:23:39.188Z", "dateReserved": "2023-11-13T13:25:18.481Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-02-14T18:30:31.708Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*", "matchCriteriaId": "5ECE789E-8C10-42CB-BD98-A301AC471904", "versionEndIncluding": "4.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be set by an external party that sends radio packets to a Contiki-NG system. Although the value is validated to be in the range of the MTU length, it is not validated to fit into the given buffer into which the packet will be copied. The problem has been patched in the \"develop\" branch of Contiki-NG and is expected to be included in subsequent releases. Users are advised to update their develop branch or to update to a subsequent release when available. Users unable to upgrade should consider manually applying the changes in PR #2741."}, {"lang": "es", "value": "Contiki-NG es un sistema operativo multiplataforma de c\u00f3digo abierto para dispositivos IoT de pr\u00f3xima generaci\u00f3n. Existe una escritura fuera de los l\u00edmites en el controlador para radios IEEE 802.15.4 en plataformas nRF en el sistema operativo Contiki-NG. El problema se desencadena al analizar tramas de radio en la funci\u00f3n `read_frame` en el m\u00f3dulo `arch/cpu/nrf/net/nrf-ieee-driver-arch.c`. M\u00e1s espec\u00edficamente, la funci\u00f3n `read_frame` realiza una validaci\u00f3n incompleta de la longitud de el payload del paquete, que es un valor que puede establecer una parte externa que env\u00eda paquetes de radio a un sistema Contiki-NG. Aunque se valida que el valor est\u00e9 en el rango de longitud de MTU, no se valida para que quepa en el b\u00fafer dado en el que se copiar\u00e1 el paquete. El problema ha sido solucionado en la rama \"desarrollo\" de Contiki-NG y se espera que se incluya en versiones posteriores. Se recomienda a los usuarios que actualicen su rama de desarrollo o que actualicen a una versi\u00f3n posterior cuando est\u00e9 disponible. Los usuarios que no puedan actualizar deben considerar aplicar manualmente los cambios en PR #2741."}], "id": "CVE-2023-48229", "lastModified": "2025-01-06T15:28:46.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-14T19:15:08.893", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/contiki-ng/contiki-ng/pull/2741"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/contiki-ng/contiki-ng/pull/2741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}