CVE-2019-15702

Name of the Vulnerable Software and Affected Versions RIOT through 2019.07

Description The issue is related to the TCP implementation in RIOT, where the parser for TCP options does not properly terminate on all inputs. This can lead to a denial-of-service due to an infinite loop when encountering an unknown zero-length option in the sys/net/gnrc/transport layer/tcp/gnrc tcp option.c file.

Recommendations For RIOT through 2019.07, consider applying a patch to fix the infinite loop issue in the TCP options parser to prevent denial-of-service attacks.