CVE-2023-24826

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issue is fixed in version 2023.04. As a workaround, disable fragment forwarding or SFR.
Configurations

Configuration 1 (hide)

cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:48

Type Values Removed Values Added
References () https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L402 - Product () https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L402 - Product
References () https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L420 - Product () https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L420 - Product
References () https://github.com/RIOT-OS/RIOT/commit/287f030af20e829469cdf740606148018a5a220d - Patch () https://github.com/RIOT-OS/RIOT/commit/287f030af20e829469cdf740606148018a5a220d - Patch
References () https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xfj4-9g7w-f4gh - Vendor Advisory () https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xfj4-9g7w-f4gh - Vendor Advisory
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 5.9

06 Jun 2023, 16:15

Type Values Removed Values Added
CWE CWE-824
First Time Riot-os riot
Riot-os
References (MISC) https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L420 - (MISC) https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L420 - Product
References (MISC) https://github.com/RIOT-OS/RIOT/commit/287f030af20e829469cdf740606148018a5a220d - (MISC) https://github.com/RIOT-OS/RIOT/commit/287f030af20e829469cdf740606148018a5a220d - Patch
References (MISC) https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L402 - (MISC) https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L402 - Product
References (MISC) https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xfj4-9g7w-f4gh - (MISC) https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xfj4-9g7w-f4gh - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*

30 May 2023, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-30 17:15

Updated : 2024-11-21 07:48


NVD link : CVE-2023-24826

Mitre link : CVE-2023-24826

CVE.ORG link : CVE-2023-24826


JSON object : View

Products Affected

riot-os

  • riot
CWE
CWE-824

Access of Uninitialized Pointer