CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device, resulting in an out-of-bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service, while carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code.

• https://github.com/RIOT-OS/RIOT/pull/18817/commits/73615161c01fcfbbc7216cf502cabb12c1598ee4
  https://github.com/RIOT-OS/RIOT/pull/18820/commits/da63e45ee94c03a2e08625b04ea618653eab4a9f
  https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-fv97-2448-gcf6
• CWE-131: Incorrect Calculation of Buffer Size
  CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device, resulting in a NULL pointer dereference. During forwarding of a fragment, an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception, resulting in denial of service. Version 2022.10 fixes this issue.

• https://github.com/RIOT-OS/RIOT/pull/18817/commits/0bec3e245ed3815ad6c8cae54673f0021777768b
  https://github.com/RIOT-OS/RIOT/pull/18817/commits/17c70f7ee0b1445f2941f516f264ed4a096e82b7
  https://github.com/RIOT-OS/RIOT/pull/18817/commits/aa27ed71fa3e5d48dee1748dcf27b6323ec98a33
  https://github.com/RIOT-OS/RIOT/pull/18820/commits/4b23d93868a28edd8ebf2ff4ebe94540f2475008
  https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4df5b4c4f841ccb460930894cf68ab10b55b971
  https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4fb746d1acaacc962daeed3aa71aadfe307d20e
  https:&#
• CWE-476: NULL Pointer Dereference

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option.

• https://github.com/RIOT-OS/RIOT/issues/12086
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN.

• https://github.com/RIOT-OS/RIOT/pull/12001
• CWE-401: Missing Release of Memory after Effective Lifetime

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attackers, to cause a denial of service or possibly have unspecified other impact via a malformed IPv6 address.

• https://github.com/RIOT-OS/RIOT/issues/6840
  https://github.com/RIOT-OS/RIOT/pull/6961
  https://github.com/RIOT-OS/RIOT/pull/6962
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer