The following PoC can be used to exploit the vulnerability. First, in a Contiki-NG system, prepare a 6LoWPAN packet of length greater than 8192 bytes. The length must be an integer larger than the length of the system's stack (8192); for example, a packet with a length of 9,999 bytes carries 9,999 bytes of data. Second, send that packet to a device that processes 6LoWPAN packets. Note that this will crash the system.
As of version 1.4.2, Contiki-NG implements a length check for 6LoWPAN packets. Therefore, it is no longer possible to send a packet of length greater than 8192 bytes.

Vulnerability discovered and identified

A vulnerability in Contiki-NG was discovered and identified on April 13th, 2019. This vulnerability allows an attacker to send a 6LoWPAN packet of length greater than 8192 bytes. The length must be an integer larger than the length of the system's stack (8192); for example, a packet with a length of 9,999 bytes carries 9,999 bytes of data. The second step is then to send the packet to a device that processes 6LoWPAN packets. Note that this will crash the system.

CVE-2021-36053

The following PoC can be used to exploit the vulnerability: in a Contiki-NG system, send a 6LoWPAN packet with a length greater than 8192 bytes. For example, a packet with a length of 9,999 bytes carries 9,999 bytes of data. Note that this will crash the system.
As of version 1.4.2, Contiki-NG implements a length check for 6LoWPAN packets. Therefore, it is no longer possible to send packets with lengths greater than 8192 bytes.

Timeline

Published on: 09/01/2022 12:15:00 UTC
Last modified on: 09/07/2022 15:08:00 UTC
