CVE-2022-35926: CWE-125: Out-of-bounds Read in contiki-ng contiki-ng
Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, uip_buf, are not checked for going out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires IPv6 to be enabled for the network. The problem has been patched in the develop branch of Contiki-NG. The upcoming 4.8 release of Contiki-NG will include the patch. Users unable to upgrade may apply the patch in Contiki-NG PR #1654.
AI Analysis
Technical Summary
CVE-2022-35926 is a medium-severity vulnerability identified in Contiki-NG, an open-source, cross-platform operating system widely used in Internet of Things (IoT) devices. The vulnerability arises from an out-of-bounds read condition in the IPv6 neighbor discovery (ND) implementation, specifically within the uip-nd6.c module. Contiki-NG processes IPv6 neighbor solicitation packets to manage network neighbor relationships. However, due to insufficient validation of the IPv6 ND options, particularly the 2-byte option header and the Source Link-Layer Address Option (SLLAO), an attacker can craft malicious neighbor solicitation packets that cause the system to read memory beyond the bounds of the main packet buffer (uip_buf). This out-of-bounds read can lead to undefined behavior, including potential information disclosure or system instability. The vulnerability requires IPv6 to be enabled on the network and does not require authentication or user interaction, making it exploitable remotely by an attacker with network access. The issue has been addressed in the development branch of Contiki-NG and will be included in the upcoming 4.8 release. For users unable to upgrade, a patch is available in Pull Request #1654. No known exploits have been reported in the wild to date, but the vulnerability poses a risk to IoT devices running vulnerable versions of Contiki-NG prior to 4.8.
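The missing checks described above, sketched as an added example (not Contiki-NG's code and not the patch from PR #1654): a bounds-checked walk over ND options that rejects a truncated 2-byte header, a zero or overlong length, and an SLLAO too short for the requested link-layer address. The function name, result codes and sample byte arrays are assumptions constructed for illustration; the option layout (type, length in 8-octet units) follows RFC 4861.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ND6_OPT_HDR_LEN 2 /* type + length: the 2-byte option header */
#define ND6_OPT_SLLAO   1 /* Source Link-Layer Address Option, RFC 4861 */
enum { ND6_OK = 0, ND6_NO_SLLAO = 1, ND6_MALFORMED = -1 };

/* Constructed sample option areas (hypothetical, not captured traffic). */
const uint8_t opt_valid[] = {1, 1, 0x02, 0, 0, 0, 0, 0x01};    /* 8-byte SLLAO */
const uint8_t opt_short_hdr[] = {1};                           /* cut after type */
const uint8_t opt_overlong[] = {1, 2, 0x02, 0, 0, 0, 0, 0x01}; /* claims 16 bytes */
const uint8_t opt_zero_len[] = {1, 0, 0, 0, 0, 0, 0, 0};       /* length field 0 */

/* Walk opts[0..opts_len) and copy the SLLAO address into lladdr; every read is
 * preceded by a check against opts_len (hypothetical helper). */
int nd6_find_sllao(const uint8_t *opts, size_t opts_len,
                   uint8_t *lladdr, size_t lladdr_len)
{
  size_t off = 0;
  int res = ND6_NO_SLLAO;
  while(off < opts_len) {
    if(opts_len - off < ND6_OPT_HDR_LEN) {
      return ND6_MALFORMED; /* option header would cross the end of the data */
    }
    uint8_t type = opts[off];
    size_t len = (size_t)opts[off + 1] * 8; /* length is in 8-octet units */
    if(len == 0 || len > opts_len - off) {
      return ND6_MALFORMED; /* zero length is invalid; the body must fit */
    }
    if(type == ND6_OPT_SLLAO) {
      if(lladdr_len > len - ND6_OPT_HDR_LEN) {
        return ND6_MALFORMED; /* option too short for the address we copy */
      }
      memcpy(lladdr, &opts[off + ND6_OPT_HDR_LEN], lladdr_len);
      res = ND6_OK;
    }
    off += len;
  }
  return res;
}

int main(void)
{
  uint8_t mac[6];
  printf("valid: %d\n", nd6_find_sllao(opt_valid, sizeof opt_valid, mac, sizeof mac));
  printf("short header: %d\n", nd6_find_sllao(opt_short_hdr, sizeof opt_short_hdr, mac, sizeof mac));
  printf("overlong: %d\n", nd6_find_sllao(opt_overlong, sizeof opt_overlong, mac, sizeof mac));
  printf("zero length: %d\n", nd6_find_sllao(opt_zero_len, sizeof opt_zero_len, mac, sizeof mac));
  return 0;
}
```

The same checks apply whether the options are parsed on the device or inspected by a filter in front of it: any input returning ND6_MALFORMED should cause the whole packet to be dropped.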
Potential Impact
For European organizations deploying IoT devices running Contiki-NG, this vulnerability could lead to several adverse impacts. The out-of-bounds read may allow attackers to access sensitive memory contents, potentially leaking confidential information from IoT devices. Additionally, the undefined behavior caused by the memory violation could destabilize devices, leading to denial of service (DoS) conditions that disrupt critical IoT functions. Given the increasing reliance on IoT in sectors such as manufacturing, smart cities, healthcare, and energy management across Europe, exploitation could impair operational continuity and data integrity. The vulnerability's remote exploitability without authentication increases the attack surface, especially in environments where IPv6 is enabled and network segmentation is insufficient. While no active exploits are known, the potential for attackers to leverage this flaw to compromise large-scale IoT deployments poses a significant risk to European infrastructure and services that depend on Contiki-NG-based devices.
Mitigation Recommendations
European organizations should prioritize upgrading Contiki-NG deployments to version 4.8 or later to incorporate the official patch. For devices where upgrading is not immediately feasible, applying the patch from Contiki-NG Pull Request #1654 is critical to mitigate the vulnerability. Network administrators should implement strict IPv6 neighbor discovery filtering and validation at network boundaries to detect and block malformed neighbor solicitation packets. Deploying intrusion detection systems (IDS) with signatures tailored to detect anomalous IPv6 ND traffic can provide early warning of exploitation attempts. Segmenting IoT networks and restricting access to trusted devices can reduce exposure. Additionally, organizations should conduct thorough inventories of IoT devices running Contiki-NG to identify vulnerable systems and monitor them for unusual behavior or crashes indicative of exploitation. Regular firmware integrity checks and anomaly detection on IoT endpoints can further enhance defense-in-depth strategies.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-07-15T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d9844c4522896dcbf3a55
Added to database: 5/21/2025, 9:09:24 AM
Last enriched: 6/23/2025, 12:35:03 AM
Last updated: 7/27/2025, 12:23:42 AM