CVE-2023-24821

Name of the Vulnerable Software and Affected Versions RIOT-OS versions prior to 2022.10

Description The issue concerns a network stack in RIOT-OS, an operating system for Internet of Things devices, which can process 6LoWPAN frames. An attacker can send a crafted frame, resulting in a large out of bounds write beyond the packet buffer. This write creates a hard fault exception after reaching the last page of RAM, and since the hard fault is not handled, the system becomes stuck until reset, leading to a denial of service.

Recommendations For versions prior to 2022.10, update to version 2022.10 to resolve the issue. As a temporary workaround, consider disabling support for fragmented IP datagrams until the update is applied. Alternatively, apply the patches manually to fix the issue.