CVE-2023-24820

Name of the Vulnerable Software and Affected Versions RIOT-OS versions prior to 2022.10

Description The issue affects the network stack of RIOT-OS, an operating system for Internet of Things devices, which can process 6LoWPAN frames. An attacker can send a crafted frame, resulting in a large out of bounds write beyond the packet buffer. This write creates a hard fault exception after reaching the last page of RAM. Since the hard fault is not handled, the system becomes stuck until it is reset, leading to a denial of service.

Recommendations For versions prior to 2022.10, update to version 2022.10 to resolve the issue. As a temporary workaround for versions prior to 2022.10, apply the patch manually.