Lucene search

[email protected]NVD:CVE-2023-24822

HistoryApr 24, 2023 - 4:15 p.m.

CVE-2023-24822

2023-04-2416:15:07

CWE-476

[email protected]

web.nvd.nist.gov

riot-os

internet of things

network stack

6lowpan frames

null pointer dereference

denial of service

patch

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.5%

JSON

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.

Affected configurations

NVD

Node

riot-osriotRange<2022.10

References

github.com/RIOT-OS/RIOT/pull/18817/commits/639c04325de4ceb9d444955f4927bfae95843a39

github.com/RIOT-OS/RIOT/pull/18820/commits/7253e261556f252816f4a3b7c4f96fc10d642485

github.com/RIOT-OS/RIOT/security/advisories/GHSA-8x69-5fhj-72wh

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.5%

JSON

Related for NVD:CVE-2023-24822

cvelist1 prion1 cve1