CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24819 – RIOT-OS vulnerable to Buffer Overflow during IPHC receive
https://notcve.org/view.php?id=CVE-2023-24819
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. • https://github.com/RIOT-OS/RIOT/pull/18817/commits/73615161c01fcfbbc7216cf502cabb12c1598ee4 https://github.com/RIOT-OS/RIOT/pull/18820/commits/da63e45ee94c03a2e08625b04ea618653eab4a9f https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-fv97-2448-gcf6 • CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24818 – RIOT-OS vulnerable to null pointer dereference during fragment forwarding
https://notcve.org/view.php?id=CVE-2023-24818
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. • https://github.com/RIOT-OS/RIOT/pull/18817/commits/0bec3e245ed3815ad6c8cae54673f0021777768b https://github.com/RIOT-OS/RIOT/pull/18817/commits/17c70f7ee0b1445f2941f516f264ed4a096e82b7 https://github.com/RIOT-OS/RIOT/pull/18817/commits/aa27ed71fa3e5d48dee1748dcf27b6323ec98a33 https://github.com/RIOT-OS/RIOT/pull/18820/commits/4b23d93868a28edd8ebf2ff4ebe94540f2475008 https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4df5b4c4f841ccb460930894cf68ab10b55b971 https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4fb746d1acaacc962daeed3aa71aadfe307d20e https:&# • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15702
https://notcve.org/view.php?id=CVE-2019-15702
In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option. En la implementación TCP (gnrc_tcp) en RIOT hasta 2019.07, el analizador de opciones TCP no termina en todas las entradas, lo que permite una denegación de servicio, porque sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c tiene un bucle infinito para un desconocido opción de longitud cero. • https://github.com/RIOT-OS/RIOT/issues/12086 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15134
https://notcve.org/view.php?id=CVE-2019-15134
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN. RIOT versiones hasta 2019.07, contiene una pérdida de memoria en la implementación de TCP (gnrc_tcp), lo que permite a un atacante consumir toda la memoria disponible para los paquetes de red y, por lo tanto, impedir que todos los hilos (subprocesos) de la red funcionen. Esto está relacionado con la función _receive en el archivo sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c recibiendo un ACK antes de un SYN. • https://github.com/RIOT-OS/RIOT/pull/12001 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1000006
https://notcve.org/view.php?id=CVE-2019-1000006
RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via network connectivity. RIOT-OS, de RIOT, en versiones tras el commit con ID 7af03ab624db0412c727eed9ab7630a5282e2fd3, contiene una vulnerabilidad de desbordamiento de búfer en sock_dns, una implementación del protocolo DNS que emplea la API sock de RIOT y que puede resultar en la ejecución remota de código. Este ataque parece ser explotable mediante conectividad de red. • https://github.com/RIOT-OS/RIOT/issues/10739 • CWE-787: Out-of-bounds Write •