RIOT-OS vulnerable to Buffer Overflow during IPHC receive
CVE-2023-24819

9.8CRITICAL

Key Information:

Vendor

Riot-os

Status
Riot
Vendor
CVE Published:
24 April 2023

What is CVE-2023-24819?

The network stack of RIOT-OS, designed for Internet of Things devices, is susceptible to a serious vulnerability that allows an attacker to send a specifically crafted 6LoWPAN frame. This can lead to an out of bounds write within the packet buffer, potentially corrupting additional packets and allocator metadata. By manipulating the allocator data, an attacker might execute arbitrary code or trigger a denial of service. To mitigate this risk, upgrade to version 2022.10 or disable support for fragmented IP datagrams manually.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

RIOT < 2022.10

References

https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-...
x_refsource_CONFIRM
https://github.com/RIOT-OS/RIOT/pull/18817/commits/736151...
x_refsource_MISC
https://github.com/RIOT-OS/RIOT/pull/18820/commits/da63e4...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.