CVE-2019-15134

Name of the Vulnerable Software and Affected Versions RIOT through 2019.07

Description The issue is related to a memory leak in the TCP implementation, specifically in the gnrc tcp module. This leak occurs when an ACK is received before a SYN, affecting the receive function in sys/net/gnrc/transport layer/tcp/gnrc tcp eventloop.c. This allows an attacker to consume all available memory for network packets, effectively stopping all network threads from working.

Recommendations For RIOT through 2019.07, consider applying a patch to fix the memory leak in the TCP implementation to prevent attackers from consuming all available memory for network packets.