PT-2022-24862 · Unknown · Loramac-Node
Mluis1 · Published 2022-10-06 · Updated 2023-06-27 · CVE-2022-39274
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LoRaMac-node versions prior to 4.7.0
Description
The issue is caused by improper size validation of incoming radio frames, which can lead to a buffer overflow. Specifically, the function ProcessRadioRxDone expects incoming radio frames to have a payload of at least one byte. An empty payload can result in a 1-byte out-of-bounds read of user-controlled content. An attacker can craft a FRAME_TYPE_PROPRIETARY frame with size -1, leading to a 65280-byte out-of-bounds memcopy with partially controlled attacker data. This can cause a Denial of Service (DoS) or potentially allow the attacker to gain control over the execution.
Recommendations
For versions prior to 4.7.0, upgrade to version 4.7.0 or later by updating the package or manually applying the patch commit e851b079.
Exploit
Fix
Buffer Overflow
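The class of bug in the Description, shown as an added example that is not LoRaMac-node's code or its patch: an unsigned length computed as frame size minus header length wraps when the frame is empty, and a minimum-size check before the subtraction prevents it. The function names, the one-byte header length and the buffer capacity are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HDR_LEN     1u    /* assumed: one header byte precedes the payload */
#define RX_BUF_CAP  255u  /* assumed capacity of the destination buffer */

/* Length computation with no minimum-size check: the subtraction wraps
 * when the frame is shorter than the header. Only the length is computed
 * here; nothing is copied. */
static uint16_t payload_len_unchecked(uint16_t size)
{
    return (uint16_t)(size - HDR_LEN);
}

/* Hardened handler (hypothetical): reject frames that cannot hold the
 * header, and payloads that do not fit the destination, before any byte
 * of the frame is read. Returns 0 on success, -1 on a rejected frame. */
static int copy_payload_checked(const uint8_t *frame, uint16_t size,
                                uint8_t *dst, uint16_t dst_cap,
                                uint16_t *out_len)
{
    if (frame == NULL || dst == NULL || out_len == NULL)
        return -1;
    if (size < HDR_LEN)                 /* empty frame: no header to read */
        return -1;
    uint16_t len = (uint16_t)(size - HDR_LEN);  /* cannot wrap after check */
    if (len > dst_cap)                  /* payload must fit the buffer */
        return -1;
    memcpy(dst, frame + HDR_LEN, len);
    *out_len = len;
    return 0;
}

int main(void)
{
    static const uint8_t frame[] = { 0xE0, 0x01, 0x02, 0x03 }; /* constructed */
    uint8_t rx[RX_BUF_CAP];
    uint16_t n = 0;
    int ok = copy_payload_checked(frame, sizeof frame, rx, sizeof rx, &n);
    int rejected = copy_payload_checked(frame, 0, rx, sizeof rx, &n);
    return (ok == 0 && rejected == -1
            && payload_len_unchecked(0) == 65535u) ? 0 : 1;
}
```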
Related Identifiers
Affected Products
Loramac-Node