PT-2023-3146 · Riot-Os · Riot-Os

Scepticz

Published 2023-05-30 · Updated 2023-06-06 · CVE-2023-33974

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: RIOT-OS versions 2023.01 and prior

Description: The issue is located in the 6LoWPAN frame handler of the RIOT operating system kernel and is a NULL pointer dereference. An attacker can trigger it by sending multiple crafted frames to the device: the frames provoke a race condition that results in an invalid memory access and a denial of service.

Recommendations: For versions 2023.01 and prior, update to a version that includes the patch from pull request 19679. As a temporary workaround, restrict network access to the device's 6LoWPAN network stack to reduce the risk of exploitation.

Weakness Types

NULL Pointer Dereference
Race Condition

Weakness Enumeration

Related Identifiers

BDU:2023-03245
BDU:2023-03246
CVE-2023-33974
GHSA-8M3W-MPHF-WXM8

Affected Products

Riot-Os