CVE-2023-24822

Name of the Vulnerable Software and Affected Versions RIOT-OS versions prior to 2022.10

Description RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device, resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service.

Recommendations For versions prior to 2022.10, update to version 2022.10 to resolve the issue. As a temporary workaround, apply the patches manually.