PT-2023-3147 · Riot-Os · Riot-Os

Diff-Fusion · Published 2023-05-30 · Updated 2023-06-06 · CVE-2023-33973

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

RIOT-OS versions 2023.01 and prior

Description

The issue is related to the processing of 6LoWPAN frames in the network stack of RIOT-OS, an operating system for Internet of Things (IoT) devices. An attacker can send a crafted frame that, when forwarded by the device, causes a NULL pointer dereference during packet encoding, leading to a denial of service as the device crashes. There are no known workarounds for this issue.

Recommendations

For versions 2023.01 and prior, apply the patch available at pull request 19678 to resolve the issue. As a temporary workaround, consider restricting the ability of the device to forward crafted 6LoWPAN frames until the patch is applied.

Exploit

Fix

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

BDU:2023-03246
CVE-2023-33973
GHSA-R2PV-3JQC-VH7W

Affected Products

Riot-Os