CVE-2023-24818

Name of the Vulnerable Software and Affected Versions RIOT-OS versions prior to 2022.10

Description The issue concerns a network stack in RIOT-OS that processes 6LoWPAN frames. An attacker can send a crafted frame, resulting in a NULL pointer dereference during the forwarding of a fragment. This occurs because an uninitialized entry in the reassembly buffer is used, triggering a hard fault exception and leading to denial of service.

Recommendations For versions prior to 2022.10, update to version 2022.10 to resolve the issue. As a temporary workaround, consider disabling support for fragmented IP datagrams until the update is applied. Alternatively, apply the patches manually to fix the issue.