CVE-2019-15134
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN.
RIOT versiones hasta 2019.07, contiene una pérdida de memoria en la implementación de TCP (gnrc_tcp), lo que permite a un atacante consumir toda la memoria disponible para los paquetes de red y, por lo tanto, impedir que todos los hilos (subprocesos) de la red funcionen. Esto está relacionado con la función _receive en el archivo sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c recibiendo un ACK antes de un SYN.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-17 CVE Reserved
- 2019-08-17 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/RIOT-OS/RIOT/pull/12001 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Riot-os Search vendor "Riot-os" | Riot Search vendor "Riot-os" for product "Riot" | <= 2019.07 Search vendor "Riot-os" for product "Riot" and version " <= 2019.07" | - |
Affected
| ||||||