CVE-2022-36054: CWE-787: Out-of-bounds Write in contiki-ng contiki-ng
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer's boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker.
AI Analysis
Technical Summary
CVE-2022-36054 is a medium-severity vulnerability identified in Contiki-NG, an open-source operating system designed for next-generation Internet of Things (IoT) devices. The vulnerability exists in the 6LoWPAN protocol implementation within the Contiki-NG OS, specifically in the file os/net/ipv6/sicslowpan.c. The issue arises from a missing length check in the input function responsible for processing incoming 6LoWPAN packets and copying their contents into a packet buffer. This flaw allows an attacker to perform an out-of-bounds write when sending either an unfragmented 6LoWPAN packet or the first fragment of a fragmented packet that is sufficiently large. The out-of-bounds write occurs because the function copies data beyond the allocated buffer size, potentially corrupting adjacent memory. Exploitation requires the attacker to have the capability to send crafted 6LoWPAN packets to a device running a vulnerable version of Contiki-NG (versions prior to 4.8). This vulnerability could lead to memory corruption, which may result in unpredictable behavior including crashes, denial of service, or potentially arbitrary code execution depending on the device architecture and memory layout. However, no known exploits have been reported in the wild to date. Given the nature of the vulnerability, exploitation does not require authentication but does require network access to the vulnerable 6LoWPAN interface. The vulnerability affects a specialized subset of IoT devices that utilize Contiki-NG and 6LoWPAN for low-power wireless communication, commonly found in constrained environments such as sensor networks and industrial IoT deployments.
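The kind of length check the summary describes as missing, shown as an added example in a simplified model; this is not Contiki-NG's code or its patch. The names `model_input`, `try_frame` and `pkt_buf`, the 128-byte buffer size and the treatment of an unfragmented frame as pure payload are assumptions; the fragment dispatch values are those of RFC 4944.

```c
#include <stdint.h>
#include <string.h>

#define PKT_BUF_SIZE   128u  /* assumed buffer capacity for this model */
#define FRAG_MASK      0xF8u
#define DISPATCH_FRAG1 0xC0u /* RFC 4944 first fragment, 4-byte header */
#define DISPATCH_FRAGN 0xE0u /* RFC 4944 subsequent fragment */
#define FRAG1_HDR_LEN  4u

enum input_result { INPUT_OK, DROP_SHORT, DROP_OVERSIZE, DROP_UNHANDLED };

struct pkt_buf {
  uint8_t data[PKT_BUF_SIZE];
  uint8_t guard[8]; /* canary: lets a test detect a write past data[] */
  size_t len;
};

/* Hypothetical input path for the two cases the advisory names: an
 * unfragmented packet and the first fragment of a fragmented packet. */
enum input_result model_input(struct pkt_buf *buf, const uint8_t *frame, size_t frame_len)
{
  size_t hdr_len = 0, payload_len;
  if(frame_len == 0) return DROP_SHORT;
  if((frame[0] & FRAG_MASK) == DISPATCH_FRAG1) {
    if(frame_len < FRAG1_HDR_LEN) return DROP_SHORT;
    hdr_len = FRAG1_HDR_LEN;
  } else if((frame[0] & FRAG_MASK) == DISPATCH_FRAGN) {
    return DROP_UNHANDLED; /* later fragments are outside this model */
  }
  payload_len = frame_len - hdr_len;
  /* The length check: compare the sender-controlled size with the
   * destination capacity before the copy, and drop the frame if it exceeds it. */
  if(payload_len > sizeof(buf->data)) return DROP_OVERSIZE;
  memcpy(buf->data, frame + hdr_len, payload_len);
  buf->len = payload_len;
  return INPUT_OK;
}

/* Constructed input: frame_len (<= 256) bytes whose first byte is dispatch.
 * Returns the input result, or -1 if the guard bytes were overwritten. */
int try_frame(uint8_t dispatch, size_t frame_len)
{
  uint8_t frame[256] = { dispatch };
  struct pkt_buf buf;
  memset(&buf, 0xA5, sizeof(buf));
  int r = (int)model_input(&buf, frame, frame_len);
  for(size_t i = 0; i < sizeof(buf.guard); i++) if(buf.guard[i] != 0xA5) return -1;
  return r;
}
```

The same comparison of declared or received length against buffer capacity is what a monitoring rule for oversized 6LoWPAN frames would apply on the network side.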
Potential Impact
For European organizations deploying IoT devices based on Contiki-NG, especially in critical infrastructure sectors such as smart metering, industrial automation, and building management systems, this vulnerability poses a risk of device compromise or disruption. An attacker capable of sending malicious 6LoWPAN packets could cause device crashes or potentially execute arbitrary code, leading to denial of service or unauthorized control of IoT endpoints. This could disrupt operational technology environments, degrade service availability, and compromise data integrity. Given the increasing adoption of IoT in European smart cities and industrial sectors, exploitation could have cascading effects on network reliability and safety systems. The impact is heightened in environments where devices are deployed in unattended or remote locations, making physical remediation difficult. However, the attack surface is limited to networks where 6LoWPAN is used and where attackers have direct or indirect access to the wireless network segment. Since no public exploits are known, the immediate risk is moderate but could increase if exploit code becomes available.
Mitigation Recommendations
European organizations should prioritize updating Contiki-NG deployments to version 4.8 or later, where this vulnerability is addressed. For devices that cannot be immediately updated, network-level mitigations should be implemented, such as segmenting 6LoWPAN networks from untrusted sources and employing strict access controls on wireless interfaces to restrict packet injection. Monitoring network traffic for anomalous or oversized 6LoWPAN packets can help detect exploitation attempts. Additionally, organizations should conduct an inventory of IoT devices running Contiki-NG and assess their exposure to external or semi-trusted networks. Employing intrusion detection systems tailored for IoT protocols and regularly auditing firmware versions will further reduce risk. Where feasible, deploying network-level encryption and authentication mechanisms for 6LoWPAN communications can limit unauthorized packet injection. Finally, organizations should engage with device vendors to obtain patches and security updates and consider compensating controls such as device isolation or fail-safe modes to mitigate potential impacts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland, Belgium, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-07-15T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d9844c4522896dcbf3c83
Added to database: 5/21/2025, 9:09:24 AM
Last enriched: 6/22/2025, 11:04:55 PM
Last updated: 8/16/2025, 3:51:19 AM