PT-2023-2963 · Riot-Os · Riot-Os

Diff-Fusion · Published 2023-05-30 · Updated 2023-06-07 · CVE-2023-33975

CVSS v2.0 · 10 · Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

RIOT-OS versions 2023.01 and prior

Description

The issue concerns the network stack of RIOT-OS, specifically its processing of 6LoWPAN frames. An attacker can send a crafted frame to the device, resulting in an out-of-bounds write in the packet buffer. This overflow can be used to corrupt other packets and the allocator metadata, leading to denial of service or potentially allowing the attacker to write data to arbitrary locations and execute arbitrary code.

Recommendations

For versions 2023.01 and prior, as a temporary workaround, consider disabling support for fragmented IP datagrams to minimize the risk of exploitation. To fully resolve the issue, update to a version that includes the fix from pull request 19680.

Exploit

Fix

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-02972
CVE-2023-33975
GHSA-F6FF-G7MH-58Q4

Affected Products

Riot-Os