Riot · Riot · CVE-2024-53980
Name of the Vulnerable Software and Affected Versions:
RIOT (affected versions not specified)
Description:
A malicious actor can send an IEEE 802.15.4 packet with a spoofed length byte and optionally a spoofed FCS, resulting in an endless loop on a CC2538 receiver. The issue arises because the receiver locates the CRC bit using the packet length byte and considers all 8 bits of that byte instead of discarding bit 7. The firmware therefore reads outside of the RX FIFO, and its CRC check can disagree with the radio's. If the CPU judges the CRC as correct and the radio is set to `AUTO ACK`, the CPU enters an endless loop while waiting for an acknowledgment.
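The length-byte handling described above, shown as an added example on a simulated FIFO (this is not RIOT's driver code). The FIFO size, the position of the CRC-OK flag in bit 7 of the last frame byte, and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RX_FIFO_SIZE 128u  /* assumed: 1 length byte + up to 127 frame bytes */
#define LEN_MASK     0x7Fu /* 802.15.4 frame length is 7 bits; bit 7 is reserved */
#define CRC_OK_BIT   0x80u /* assumed: radio flags a valid FCS in bit 7 of the last frame byte */
#define FCS_LEN      2u    /* a frame must at least hold the two FCS/status bytes */

/* Constructed sample: fill a simulated FIFO the way the radio would, placing
 * the status byte using only the low 7 bits of the length byte. */
void build_sample_fifo(uint8_t fifo[RX_FIFO_SIZE], uint8_t len_byte, bool radio_crc_ok)
{
    memset(fifo, 0xFF, RX_FIFO_SIZE);          /* stale FIFO content */
    fifo[0] = len_byte;
    uint8_t len = len_byte & LEN_MASK;
    if (len > 0) {
        fifo[len] = radio_crc_ok ? CRC_OK_BIT : 0x00;
    }
}

/* Flawed check: indexes with all 8 bits of the length byte.
 * Returns -1 where real firmware would read past the end of the FIFO. */
int crc_ok_unmasked(const uint8_t fifo[RX_FIFO_SIZE])
{
    size_t idx = fifo[0];
    if (idx >= RX_FIFO_SIZE) {
        return -1;
    }
    return (fifo[idx] & CRC_OK_BIT) != 0;
}

/* Hardened check: discard bit 7 and reject frames too short to carry an FCS. */
int crc_ok_masked(const uint8_t fifo[RX_FIFO_SIZE])
{
    size_t len = fifo[0] & LEN_MASK;           /* at most 127, always inside the FIFO */
    if (len < FCS_LEN) {
        return 0;
    }
    return (fifo[len] & CRC_OK_BIT) != 0;
}

int main(void)
{
    uint8_t fifo[RX_FIFO_SIZE];
    build_sample_fifo(fifo, 0x85, false);      /* bit 7 set, radio judged the CRC bad */
    printf("unmasked=%d masked=%d\n", crc_ok_unmasked(fifo), crc_ok_masked(fifo));
    return 0;
}
```

With the masked length the firmware inspects the same byte the radio wrote, so both sides agree on whether the frame should be acknowledged.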
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.