
CVE-2023-33975 – RIOT-OS vulnerable to Out of Bounds Write in _rbuf_add
https://notcve.org/view.php?id=CVE-2023-33975
30 May 2023 — RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data... • https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L320 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-787: Out-of-bounds Write

CVE-2023-33974 – RIOT-OS vulnerable to Race Condition in SFR Timeout
https://notcve.org/view.php?id=CVE-2023-33974
30 May 2023 — RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions about the program state and leads to an invalid memory access resulting in denial of service. This issue is patched in pull request 19679. There are no known workarounds. • https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L1717 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2023-33973 – RIOT-OS vulnerable to NULL pointer dereference during NHC encoding
https://notcve.org/view.php?id=CVE-2023-33973
30 May 2023 — RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference occurs. This crashes the device leading to denial of service. A patch is available at pull request 19678. • https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c#L1067 • CWE-476: NULL Pointer Dereference

CVE-2023-24826 – Usage of Uninitialized Timer during forwarding of Fragments with SFR
https://notcve.org/view.php?id=CVE-2023-24826
30 May 2023 — RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issue is fixed in version 2023.04. As a workaround, disable fragment forwarding or SFR. • https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L402 • CWE-824: Access of Uninitialized Pointer

CVE-2023-24825 – RIOT-OS vulnerable to NULL pointer dereference in gnrc_pktbuf_mark
https://notcve.org/view.php?id=CVE-2023-24825
30 May 2023 — RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixed in version 2023.04. There are no known workarounds. • https://github.com/RIOT-OS/RIOT/blob/2022.10-branch/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L416 • CWE-252: Unchecked Return Value; CWE-476: NULL Pointer Dereference

CVE-2023-24817 – RIOT-OS vulnerable to Out of Bounds write in routing with SRH
https://notcve.org/view.php?id=CVE-2023-24817
30 May 2023 — RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer. Triggering the access at the right time will corrupt other packets or the allocator metadata. Corrupting a pointer will lead to denial of service. This issue is fixed in version 2023.04. • https://github.com/RIOT-OS/RIOT/commit/34dc1757f5621be48e226cfebb2f4c63505b5360 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-191: Integer Underflow (Wrap or Wraparound); CWE-787: Out-of-bounds Write

CVE-2023-24823 – RIOT-OS vulnerable to Packet Type Confusion during IPHC send
https://notcve.org/view.php?id=CVE-2023-24823
24 Apr 2023 — RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header. This occurs while encoding a 6LoWPAN IPHC header. The type confusion manifests in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. • https://github.com/RIOT-OS/RIOT/pull/18817/commits/4a081f86616cb5c9dd0b5d7b286da03285d1652a • CWE-787: Out-of-bounds Write; CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2023-24822 – RIOT-OS vulnerable to Null Pointer dereference during IPHC encoding
https://notcve.org/view.php?id=CVE-2023-24822
24 Apr 2023 — RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually. • https://github.com/RIOT-OS/RIOT/pull/18817/commits/639c04325de4ceb9d444955f4927bfae95843a39 • CWE-476: NULL Pointer Dereference

CVE-2023-24821 – RIOT-OS vulnerable to Integer Underflow during defragmentation
https://notcve.org/view.php?id=CVE-2023-24821
24 Apr 2023 — RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset, thus the impact is denial of service. Version 2022.10 fixes this issue. • https://github.com/RIOT-OS/RIOT/pull/18817/commits/9728f727e75d7d78dbfb5918e0de1b938b7b6d2c • CWE-191: Integer Underflow (Wrap or Wraparound); CWE-787: Out-of-bounds Write

CVE-2023-24820 – RIOT-OS vulnerable to Integer Underflow during IPHC receive
https://notcve.org/view.php?id=CVE-2023-24820
24 Apr 2023 — RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. • https://github.com/RIOT-OS/RIOT/pull/18817/commits/2709fbd827b688fe62df2c77c316914f4a3a6d4a • CWE-191: Integer Underflow (Wrap or Wraparound); CWE-787: Out-of-bounds Write