Name of the Vulnerable Software and Affected Versions:
RIOT-OS versions prior to 2025.04
Description:
RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` that can lead to a buffer overflow. Assertions are typically compiled out in production builds. If assertions are the only defense against untrusted inputs, the software may be exposed to attacks that utilize the lack of proper input checks. In the `l2filter_add()` function, `addr_len` is checked using an assertion and is subsequently used as an argument in a `memcpy()` call. When assertions are disabled, there is no size check for `addr_len`. Providing an `addr_len` value larger than `CONFIG_L2FILTER_ADDR_MAXLEN` can trigger a buffer overflow and write past the `list[i].addr` buffer. If the unchecked input is attacker-controlled, the impact of the buffer overflow can range from a denial of service to arbitrary code execution.
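The following C example, added to this advisory and not taken from RIOT-OS, shows the weak pattern beside its hardened form. The filter structure, the `FILTER_ADDR_MAXLEN` and `FILTER_LISTSIZE` sizes, the function names `filter_add_assert_only()` / `filter_add_checked()` and the return codes are all assumptions constructed for illustration; they stand in for the `l2filter_add()` / `CONFIG_L2FILTER_ADDR_MAXLEN` code path the description refers to.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the filter list described above. Names, sizes and
 * return codes are assumptions for this example, not RIOT-OS's own code. */
#define FILTER_ADDR_MAXLEN 8   /* plays the role of CONFIG_L2FILTER_ADDR_MAXLEN */
#define FILTER_LISTSIZE    4

typedef struct {
    uint8_t addr[FILTER_ADDR_MAXLEN];
    size_t addr_len;            /* 0 marks a free slot */
} filter_entry_t;

typedef struct {
    filter_entry_t list[FILTER_LISTSIZE];
} filter_t;

/* Vulnerable pattern: assert() is the only bound on addr_len. With NDEBUG
 * defined, the usual setting for production firmware, the assert expands to
 * nothing and memcpy() copies addr_len bytes into an 8-byte buffer. */
static int filter_add_assert_only(filter_t *f, const uint8_t *addr, size_t addr_len)
{
    assert(addr_len <= FILTER_ADDR_MAXLEN);
    for (size_t i = 0; i < FILTER_LISTSIZE; i++) {
        if (f->list[i].addr_len == 0) {
            memcpy(f->list[i].addr, addr, addr_len);  /* unbounded once NDEBUG is set */
            f->list[i].addr_len = addr_len;
            return 0;
        }
    }
    return -1;                  /* no free slot */
}

/* Hardened form: a plain runtime check that is present in every build and
 * reports the rejection to the caller instead of aborting or overflowing. */
static int filter_add_checked(filter_t *f, const uint8_t *addr, size_t addr_len)
{
    if (addr == NULL || addr_len == 0 || addr_len > FILTER_ADDR_MAXLEN) {
        return -2;              /* invalid argument, buffer left untouched */
    }
    for (size_t i = 0; i < FILTER_LISTSIZE; i++) {
        if (f->list[i].addr_len == 0) {
            memcpy(f->list[i].addr, addr, addr_len);
            f->list[i].addr_len = addr_len;
            return 0;
        }
    }
    return -1;
}

/* True when this file was compiled with assertions removed, i.e. when
 * filter_add_assert_only() currently performs no length check at all. */
static bool asserts_compiled_out(void)
{
#ifdef NDEBUG
    return true;
#else
    return false;
#endif
}

/* Exercises one variant: builds a fresh filter and a constructed address of
 * the requested length, and returns the add() status code. */
static int try_add(size_t addr_len, bool use_checked)
{
    uint8_t addr[32];
    filter_t f;
    memset(&f, 0, sizeof(f));
    for (size_t i = 0; i < sizeof(addr); i++) {
        addr[i] = (uint8_t)(0xA0 + i);   /* constructed sample address bytes */
    }
    if (addr_len > sizeof(addr)) {
        return -3;
    }
    return use_checked ? filter_add_checked(&f, addr, addr_len)
                       : filter_add_assert_only(&f, addr, addr_len);
}

int main(void)
{
    /* A 6-byte MAC-style address is accepted by both variants. */
    int ok_checked = try_add(6, true);
    int ok_assert  = try_add(6, false);
    /* A 16-byte address is rejected cleanly by the checked variant. The
     * assert-only variant is deliberately not called with it: with NDEBUG
     * that call would write past list[i].addr, which is the defect above. */
    int rejected = try_add(16, true);
    printf("assertions compiled out: %s\n", asserts_compiled_out() ? "yes" : "no");
    printf("checked 6 -> %d, assert-only 6 -> %d, checked 16 -> %d\n",
           ok_checked, ok_assert, rejected);
    return (ok_checked == 0 && ok_assert == 0 && rejected == -2) ? 0 : 1;
}
```

Build it once normally and once with `-DNDEBUG`: `asserts_compiled_out()` flips to true in the second build and `filter_add_assert_only()` is left with no bound on `addr_len` at all, while `filter_add_checked()` rejects the oversized address in both builds. The general rule the example illustrates is that `assert()` documents an invariant the caller is expected to uphold; a length that originates from a network frame or any other untrusted source needs an explicit check with an error return.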
Recommendations:
Update to version 2025.04 or later.