CVE-2023-48229: Out-of-bounds write in the radio driver for Contiki-NG nRF platforms
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be set by an external party that sends radio packets to a Contiki-NG system. Although the value is validated to be in the range of the MTU length, it is not validated to fit into the given buffer into which the packet will be copied. The problem has been patched in the "develop" branch of Contiki-NG and is expected to be included in subsequent releases. Users are advised to update their develop branch or to update to a subsequent release when available. Users unable to upgrade should consider manually applying the changes in PR #2741.
Affected Software
Remediation
Patch Available
Event History
Frequently Asked Questions
What is the severity of CVE-2023-48229?
CVE-2023-48229 has been classified as a high severity vulnerability.
How do I fix CVE-2023-48229?
To fix CVE-2023-48229, upgrade the Contiki-NG operating system to version 4.10 or later.
What components are affected by CVE-2023-48229?
CVE-2023-48229 affects the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG OS.
What causes the vulnerability CVE-2023-48229?
CVE-2023-48229 is triggered by an out-of-bounds write when parsing radio frames.
Which versions of Contiki-NG are vulnerable to CVE-2023-48229?
Versions of Contiki-NG up to and including 4.9 are vulnerable to CVE-2023-48229.