The lengths of the extension header options are not checked by the function that processes the IPv6 headers. It allows attackers to put this function into an infinite loop that has crafted length values. The attackers can exploit this vulnerability to consume excessive resources like memory and CPU.
There are no checks against the length fields of the headers for the function that processes the hop-by-hop extension heard in the IPv6 packets. It allows the attackers to put the function into an infinite loop by supplying arbitrary-length values.
Refer to the ICS advisory for the complete list of affected products, mitigation methods, and their respective patches. https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05