Lucene search

GitHub_MCVELIST:CVE-2023-24822

HistoryApr 24, 2023 - 3:24 p.m.

CVE-2023-24822 RIOT-OS vulnerable to Null Pointer dereference during IPHC encoding

2023-04-2415:24:26

CWE-476

GitHub_M

www.cve.org

riot-os

6lowpan

iphc

vulnerability

null pointer

denial of service

patches

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.5%

JSON

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.

CNA Affected

[
  {
    "vendor": "RIOT-OS",
    "product": "RIOT",
    "versions": [
      {
        "version": "< 2022.10",
        "status": "affected"
      }
    ]
  }
]

References

github.com/RIOT-OS/RIOT/pull/18817/commits/639c04325de4ceb9d444955f4927bfae95843a39

github.com/RIOT-OS/RIOT/pull/18820/commits/7253e261556f252816f4a3b7c4f96fc10d642485

github.com/RIOT-OS/RIOT/security/advisories/GHSA-8x69-5fhj-72wh

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.5%

JSON

Related for CVELIST:CVE-2023-24822