Details of VAR-202411-2619

ID

VAR-202411-2619

CVE

CVE-2024-47181

TITLE

Contiki-NG Illegal type conversion vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2024-022130

DESCRIPTION

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL instance. If an IPv6 packet containing an odd number of padded bytes before the RPL option, it can cause the rpl_ext_header_hbh_update function to read a 16-bit integer from an odd address. The impact of this unaligned read is architecture-dependent, but can potentially cause the system to crash. The problem has not been patched as of release 4.9, but will be included in the next release. One can apply the changes in Contiki-NG pull request #2962 to patch the system or wait for the next release. Contiki-NG Exists in a vulnerability related to illegal type conversion.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-47181 // JVNDB: JVNDB-2024-022130

AFFECTED PRODUCTS

vendor:	contiki ng	model:	contiki-ng	scope:	lte	version:	4.9	Trust: 1.0
vendor:	contiki ng	model:	contiki-ng	scope:	-	version:	-	Trust: 0.8
vendor:	contiki ng	model:	contiki-ng	scope:	lte	version:	4.9 and earlier	Trust: 0.8
vendor:	contiki ng	model:	contiki-ng	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-022130 // NVD: CVE-2024-47181

CVSS

SEVERITY

CVSSV2

CVSSV3

security-advisories@github.com:	CVE-2024-47181
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-47181
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-47181
value:	HIGH
Trust: 0.8

security-advisories@github.com:	CVE-2024-47181
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2024-47181
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-022130 // NVD: CVE-2024-47181 // NVD: CVE-2024-47181

PROBLEMTYPE DATA

problemtype:	CWE-704	Trust: 1.0
problemtype:	Illegal type conversion or cast (CWE-704) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-022130 // NVD: CVE-2024-47181

EXTERNAL IDS

db:	NVD	id:	CVE-2024-47181	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-022130	Trust: 0.8

sources: JVNDB: JVNDB-2024-022130 // NVD: CVE-2024-47181

REFERENCES

url:	https://github.com/contiki-ng/contiki-ng/pull/2962	Trust: 1.8
url:	https://github.com/contiki-ng/contiki-ng/security/advisories/ghsa-crjw-x84h-h6x3	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-47181	Trust: 0.8

sources: JVNDB: JVNDB-2024-022130 // NVD: CVE-2024-47181

SOURCES

db:	JVNDB	id:	JVNDB-2024-022130
db:	NVD	id:	CVE-2024-47181

LAST UPDATE DATE

2025-04-18T03:48:54.058000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-022130	date:	2025-04-16T00:39:00
db:	NVD	id:	CVE-2024-47181	date:	2025-04-10T14:49:56.173

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-022130	date:	2025-04-16T00:00:00
db:	NVD	id:	CVE-2024-47181	date:	2024-11-27T19:15:33.247