CVE-2023-24826

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issue is fixed in version 2023.04. As a workaround, disable fragment forwarding or SFR.
Configurations

Configuration 1 (hide)

cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*

History

06 Jun 2023, 16:15

Type Values Removed Values Added
CPE cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*
CWE CWE-824
First Time Riot-os riot
Riot-os
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References (MISC) https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L420 - (MISC) https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L420 - Product
References (MISC) https://github.com/RIOT-OS/RIOT/commit/287f030af20e829469cdf740606148018a5a220d - (MISC) https://github.com/RIOT-OS/RIOT/commit/287f030af20e829469cdf740606148018a5a220d - Patch
References (MISC) https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L402 - (MISC) https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L402 - Product
References (MISC) https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xfj4-9g7w-f4gh - (MISC) https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xfj4-9g7w-f4gh - Vendor Advisory

30 May 2023, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-30 17:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-24826

Mitre link : CVE-2023-24826

CVE.ORG link : CVE-2023-24826


JSON object : View

Products Affected

riot-os

  • riot
CWE
CWE-824

Access of Uninitialized Pointer