Buffer Overflow Vulnerability in RIOT Operating System Could Lead to Denial of Service or Arbitrary Code Execution
CVE-2024-32017

9.8CRITICAL

Key Information:

Vendor: Riot-os
Status: Riot
Vendor: CVE Published:; 1 May 2024

What is CVE-2024-32017?

In particular, a small typo in the size check within the gcoap_dns_server_proxy_get() function of RIOT OS can result in a buffer overflow during the execution of strcpy(). This is due to the system incorrectly checking the length of the _uri string instead of the _proxy string. Additionally, the _gcoap_forward_proxy_copy_options() function lacks sufficient bounds checking before writing to the cep->req_etag, which is restricted by COAP_ETAG_LENGTH_MAX. An attacker could exploit this vulnerability by crafting input that makes optlen exceed COAP_ETAG_LENGTH_MAX, leading to scenarios that could result in denial of service or arbitrary code execution if the input crosses security boundaries. Currently, no patch exists for this issue, highlighting the need for manual bounds checks by users.

Affected Version(s)

RIOT <= 2023.10

References

https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-...

x_refsource_CONFIRM

https://github.com/RIOT-OS/RIOT/blob/master/sys/net/appli...

x_refsource_MISC

https://github.com/RIOT-OS/RIOT/blob/master/sys/net/appli...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2024
Vulnerability Reserved
Apr 9, 2024

Riot-os

What is CVE-2024-32017?

Affected Version(s)

References

CVSS V3.1

Timeline