CVE Tools
Sign in

CVE-2024-47181

Unaligned memory access in RPL option processing in Contiki-NG

Published: Nov 27, 2024Updated: Apr 10, 2025 Sources: CVE List NVDCWE-704
NVD MITRE
7.5CVSSHIGH
EPSS Score
0.6%
Top 58.1%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL instance. If an IPv6 packet containing an odd number of padded bytes before the RPL option, it can cause the rpl_ext_header_hbh_update function to read a 16-bit integer from an odd address. The impact of this unaligned read is architecture-dependent, but can potentially cause the system to crash. The problem has not been patched as of release 4.9, but will be included in the next release. One can apply the changes in Contiki-NG pull request #2962 to patch the system or wait for the next release.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:NI:NA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:NConfidentiality
None
I:NIntegrity
None
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

CWE-704

Affected Products

contiki-ngcontiki-ng
Embedded
Operating Systems / rtos-embedded-os
contiki-ngoss-projectOperating Systemsaka contiki-ng., tinydtls

Exploitability

Official Patch Available

References

https://github.com/contiki-ng/contiki-ng/pull/2962
github.com
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-crjw-x84h-h6x3
github.com

Timeline

Published
Nov 27, 2024
Last Updated
Apr 10, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2024-47181 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows