Mluis1

Rank #37752 of 53,624 · Total CVSS 7.5 · Vulnerabilities: 1

PT-2022-24862 · CVSS 7.5 · 2022-10-06
Vendor unknown · Loramac-Node · CVE-2022-39274
**Name of the Vulnerable Software and Affected Versions**

LoRaMac-node versions prior to 4.7.0

**Description**

The issue is caused by improper size validation of incoming radio frames, which can lead to a buffer overflow. Specifically, the function `ProcessRadioRxDone` expects incoming radio frames to carry a payload of at least one byte. An empty payload results in a 1-byte out-of-bounds read of user-controlled content. An attacker can craft a FRAME TYPE PROPRIETARY frame with size -1, leading to a 65280-byte out-of-bounds memcopy with partially attacker-controlled data. This can cause a Denial of Service (DoS) or potentially allow the attacker to gain control over execution.

**Recommendations**

For versions prior to 4.7.0, upgrade to version 4.7.0 or later by updating the package or manually applying the patch commit `e851b079`.