Home > Vulnerability Database > CVE-2024-47181

Mend.io Vulnerability Database

CVE-2024-47181

Date: November 27, 2024

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL instance. If an IPv6 packet containing an odd number of padded bytes before the RPL option, it can cause the rpl_ext_header_hbh_update function to read a 16-bit integer from an odd address. The impact of this unaligned read is architecture-dependent, but can potentially cause the system to crash. The problem has not been patched as of release 4.9, but will be included in the next release. One can apply the changes in Contiki-NG pull request #2962 to patch the system or wait for the next release.

Language: C

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47181

Url: https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-crjw-x84h-h6x3

Url: https://github.com/contiki-ng/contiki-ng/pull/2962

Url: https://www.mend.io/vulnerability-database/CVE-2024-47181

Severity Score

7.5

Weakness Type (CWE)

Incorrect Type Conversion or Cast

CWE-704

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47181

Date: November 27, 2024

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?