CVE-2020-15350

Name of the Vulnerable Software and Affected Versions RIOT version 2020.04

Description The issue is related to a buffer overflow in the base64 decoder. The base64 decode() function uses an output buffer estimation function base64 estimate decode size() to compute the required buffer capacity and validate against the provided buffer size. However, base64 estimate decode size() calculates the expected decoded size with an arithmetic round-off error and does not account for possible padding bytes, potentially leading to a buffer overflow when crafted base64 input is used.

Recommendations For RIOT version 2020.04, consider disabling the base64 decode() function until a patch is available to prevent potential buffer overflow exploitation. Restrict the use of the base64 decoder to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.