PT-2024-24356 · Riot · Riot

0Xdea · Published 2024-04-30 · Updated 2025-09-30 · CVE-2024-32017

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RIOT (affected versions not specified)

Description

The issue is related to a buffer overflow vulnerability in the RIOT operating system, which supports a range of devices typically using 8-bit, 16-bit, and 32-bit microcontrollers. A small typo in the gcoap_dns_server_proxy_get() function may lead to a buffer overflow in the subsequent strcpy(), as the length of the uri string is checked instead of the length of the proxy string. Additionally, the gcoap_forward_proxy_copy_options() function does not implement an explicit size check before copying data to the cep->req_etag buffer, which is COAP_ETAG_LENGTH_MAX bytes long. If an attacker can craft input so that optlen becomes larger than COAP_ETAG_LENGTH_MAX, they can cause a buffer overflow. The impact of the buffer overflow vulnerabilities could range from denial of service to arbitrary code execution.

Recommendations

As a temporary workaround, consider adding manual bounds checking to prevent buffer overflows. Restrict access to the vulnerable functions gcoap_dns_server_proxy_get() and gcoap_forward_proxy_copy_options() to minimize the risk of exploitation. Avoid using the optlen variable in a way that could cause it to exceed COAP_ETAG_LENGTH_MAX until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
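
The two bounds checks described above, as an added example that is not RIOT's own code: a simplified model of the wrong-string length check next to a corrected copy, and an explicit length check before an ETag copy. All function names, buffer sizes and the ETAG_LEN_MAX constant are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sizes and names for illustration; not RIOT's definitions. */
#define PROXY_BUF_LEN 16
#define ETAG_LEN_MAX  8   /* stands in for COAP_ETAG_LENGTH_MAX */

/* The typo pattern: the guard measures the uri string, but the strcpy()
 * that follows copies the proxy string. Returns 1 if the copy would run. */
static int flawed_guard(const char *uri, const char *proxy, size_t dst_len)
{
    (void)proxy;              /* never measured: this is the defect */
    return strlen(uri) < dst_len;
}

/* Corrected copy: measure the string that is actually copied.
 * Returns the copied length, or -1 if it does not fit. */
static int proxy_get(char *dst, size_t dst_len, const char *proxy)
{
    size_t n = strlen(proxy);
    if (n >= dst_len) {
        return -1;            /* no room for the string plus its NUL */
    }
    memcpy(dst, proxy, n + 1);
    return (int)n;
}

/* Explicit size check before copying an ETag option value.
 * Returns 0 on success, -1 if optlen exceeds the buffer. */
static int copy_etag(uint8_t *etag, uint8_t *etag_len,
                     const uint8_t *opt, size_t optlen)
{
    if (optlen > ETAG_LEN_MAX) {
        return -1;            /* reject instead of writing past etag[] */
    }
    memcpy(etag, opt, optlen);
    *etag_len = (uint8_t)optlen;
    return 0;
}
```

With a short uri string and a proxy string longer than the destination, flawed_guard() lets the copy proceed while proxy_get() rejects it.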

Exploit

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-32017
GHSA-V97J-W9M6-C4H3

Affected Products

Riot