PT-2024-24357 · Riot · Riot

0Xdea · Published 2024-04-30 · Updated 2025-09-05 · CVE-2024-32018

CVSS v3.1: 9.0 Critical

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RIOT (affected versions not specified)

Description

RIOT is a real-time multi-threading operating system that supports a range of devices, typically 8-bit, 16-bit, and 32-bit microcontrollers. The software may be exposed to attacks due to the lack of proper input checks, as assertions are the only line of defense against untrusted input and compile to a no-op on non-debug builds. In the nimble_scanlist_update() function, the len variable is checked in an assertion and subsequently used in a call to memcpy(). If an attacker provides a larger len value while assertions are compiled-out, they can write past the end of the fixed-length e->ad buffer, potentially leading to a buffer overflow vulnerability. The impact could range from denial of service to arbitrary code execution.

Recommendations

As a temporary workaround, consider adding manual len checking to prevent buffer overflows. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
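
The assertion-only pattern from the description next to the manual len check from the recommendations, as an added example that is not RIOT's code. The struct, the function names, the ASSERT_NDEBUG macro and the 31-byte capacity of e->ad are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AD_MAX_LEN 31          /* assumed capacity of e->ad (hypothetical constant) */

typedef struct {
    uint8_t ad[AD_MAX_LEN];    /* fixed-length advertising data buffer */
    uint8_t ad_len;
} scan_entry_t;                /* hypothetical stand-in for a scanlist entry */

/* What assert(x) expands to when NDEBUG is defined, i.e. on a non-debug build. */
#define ASSERT_NDEBUG(x) ((void)0)

/* Pattern from the description: the only length check vanishes in release builds. */
void entry_update_unchecked(scan_entry_t *e, const uint8_t *ad, size_t len)
{
    ASSERT_NDEBUG(len <= AD_MAX_LEN);  /* no-op: len is never validated */
    memcpy(e->ad, ad, len);            /* writes past e->ad when len > AD_MAX_LEN */
    e->ad_len = (uint8_t)len;
}

/* Workaround from the recommendations: a runtime check that survives NDEBUG. */
int entry_update_checked(scan_entry_t *e, const uint8_t *ad, size_t len)
{
    if (e == NULL || (ad == NULL && len != 0)) {
        return -1;
    }
    if (len > sizeof(e->ad)) {
        return -1;                     /* reject oversized input, entry untouched */
    }
    if (len != 0) {
        memcpy(e->ad, ad, len);
    }
    e->ad_len = (uint8_t)len;
    return 0;
}

int main(void)
{
    scan_entry_t e = {0};
    uint8_t pkt[64] = {0};             /* constructed oversized input */
    printf("len=64 -> %d, len=31 -> %d\n",
           entry_update_checked(&e, pkt, sizeof(pkt)),
           entry_update_checked(&e, pkt, AD_MAX_LEN));
    return 0;
}
```

The unchecked variant is shown for comparison only and is not called.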

Exploit

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-32018
GHSA-899M-Q6PP-HMP3

Affected Products

Riot