RIOT-OS vulnerable to Out of Bounds Write in _rbuf_add
CVE-2023-33975

9.8 CRITICAL

Key Information:

Vendor: RIOT-OS

Status
Vendor
CVE Published: 30 May 2023

What is CVE-2023-33975?

RIOT-OS, a popular operating system designed for Internet of Things (IoT) devices, is vulnerable in the way its network stack processes 6LoWPAN frames. In versions prior to 2023.01, an attacker can exploit this vulnerability by sending a specially crafted frame to the device, leading to an out-of-bounds write in the packet buffer. This overflow may corrupt other packets and potentially the allocator's metadata. Such corruption allows an attacker to manipulate pointers, which can cause a denial of service or even arbitrary code execution by writing to unintended memory locations. This issue has been addressed in pull request 19680, and it is recommended to disable support for fragmented IP datagrams as an initial workaround.

Affected Version(s)

RIOT <= 2023.01

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
