RIOT-OS vulnerable to Packet Type Confusion during IPHC send
CVE-2023-24823

9.8CRITICAL

Key Information:

Vendor: Riot-os
Status: Riot
Vendor: CVE Published:; 24 April 2023

What is CVE-2023-24823?

RIOT-OS, designed for Internet of Things devices, features a vulnerability in its network stack that processes 6LoWPAN frames. An attacker can exploit this vulnerability by sending a specially crafted frame, leading to a type confusion issue between the IPv6 extension headers and a UDP header. This design flaw occurs during the encoding process of the 6LoWPAN IPHC header, resulting in an out-of-bounds write in the packet buffer. Exploiting this issue can corrupt packets and metadata, potentially causing a denial of service. A determined attacker can manipulate the allocator metadata to write arbitrary data to specific locations, potentially enabling arbitrary code execution. To mitigate this risk, users are advised to upgrade to version 2022.10 or manually apply the relevant patches.

Affected Version(s)

RIOT < 2022.10

References

https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-...

x_refsource_CONFIRM

https://github.com/RIOT-OS/RIOT/pull/18817/commits/4a081f...

x_refsource_MISC

https://github.com/RIOT-OS/RIOT/pull/18820/commits/dafc39...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2023
Vulnerability Reserved
Jan 30, 2023

Riot-os

What is CVE-2023-24823?

Affected Version(s)

References

CVSS V3.1

Timeline