Buffer Overflow Vulnerability in RIOT Operating System Could Lead to Denial of Service or Arbitrary Code Execution
CVE-2024-32018
8.8 HIGH
What is CVE-2024-32018?
A buffer overflow vulnerability has been identified in the RIOT operating system, which supports various microcontroller devices. The vulnerability arises from the use of assertion macros that do not enforce checks in non-debug builds. Specifically, in the nimble_scanlist_update() function, if the specified length len is controlled by an attacker and exceeds the size of the intended buffer, the unchecked len is passed to memcpy() and overflows the buffer. This flaw presents multiple security risks, including potential denial of service or arbitrary code execution, if not properly mitigated. Users are advised to implement manual length checks to secure their applications against this risk.
Affected Version(s)
RIOT <= 2023.10