CVE-2023-24817

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions RIOT-OS versions prior to 2023.04

Description The issue affects the network stack of RIOT-OS, specifically in the processing of 6LoWPAN frames. An attacker can send a crafted frame, resulting in an integer underflow and out of bounds access in the packet buffer. This can lead to corruption of other packets or the allocator metadata, and potentially cause a denial of service if a pointer is corrupted.

Recommendations For versions prior to 2023.04, update to version 2023.04 to resolve the issue. As a temporary workaround, consider disabling SRH in the network stack until the update is applied.

Exploit

Fix

Integer Underflow

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191CWE-787CWE-119

Related Identifiers

CVE-2023-24817

GHSA-XJGW-7638-29G5

Affected Products

Riot-Os

CVE-2023-24817

Weakness Enumeration

Related Identifiers

Affected Products

References · 5