{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T21:31:41.837","vulnerabilities":[{"cve":{"id":"CVE-2022-36054","sourceIdentifier":"security-advisories@github.com","published":"2022-09-01T12:15:10.387","lastModified":"2024-11-21T07:12:16.653","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer's boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker."},{"lang":"es","value":"Contiki-NG es un sistema operativo de código abierto y multiplataforma para dispositivos IoT de Próxima Generación. La implementación de 6LoWPAN en el sistema operativo Contiki-NG (archivo os/net/ipv6/sicslowpan.c) contiene una función de entrada que procesa los paquetes entrantes y los copia en un búfer de paquetes. Debido a una falta de comprobación de longitud en la función de entrada, es posible escribir fuera de límites del búfer de paquetes. La vulnerabilidad puede ser explotada por cualquiera que tenga la posibilidad de enviar paquetes 6LoWPAN a un sistema Contiki-NG. En particular, la vulnerabilidad queda expuesta cuando es enviado cualquiera de los dos tipos de paquetes 6LoWPAN: un paquete no fragmentado o el primer fragmento de un paquete fragmentado. Si el paquete es lo suficientemente grande, una copia de memoria posterior causará una escritura fuera de límites con los datos suministrados por el atacante"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:*","versionEndExcluding":"4.8","matchCriteriaId":"8753C87C-46B4-467B-9598-30E562D5CB38"}]}]}],"references":[{"url":"https://github.com/contiki-ng/contiki-ng/pull/1648","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/contiki-ng/contiki-ng/pull/1648","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}