CVE-2023-23609 (contiki-ng)

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation Layer Protocol (BLE-L2CAP) module handles fragmentation of packets up the configured MTU size. When fragments are reassembled, they are stored in a packet buffer of a configurable size, but there is no check to verify that the packet buffer is …

ble bluetooth bluetooth low energy buffer check control cve devices energy fragmentation fragments iot iot devices link low operating system out-of-bounds out-of-bounds write packet packets platform protocol size system verify vulnerable