CVE-2023-24825 RIOT-OS vulnerable to NULL pointer dereference in gnrc_pktbuf_mark

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixe...

CVE-2023-24817 RIOT-OS vulnerable to Out of Bounds write in routing with SRH

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer...

CVE-2023-24817

CVE-2023-24817 affects RIOT-OS, specifically the 6LoWPAN processing in its network stack. A crafted 6LoWPAN frame sent to affected devices prior to version 2023.04 can trigger an integer underflow and out-of-bounds access in the packet buffer, potentially corrupting other packets or allocator met...

CVE-2023-24817 RIOT-OS vulnerable to Out of Bounds write in routing with SRH

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer...

PT-2023-19798 · Riot-Os · Riot-Os

Name of the Vulnerable Software and Affected Versions: RIOT-OS versions prior to 2023.04 Description: The issue affects the network stack of RIOT-OS, specifically in the processing of 6LoWPAN frames. An attacker can send a crafted frame, resulting in an integer underflow and out of bounds access ...

netavark bug fix and enhancement update

An update is available for netavark. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Netavark is a rust based network stack for containers. Bug Fixes and...

kernel: tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()

In the Linux kernel, the following vulnerability has been resolved: tunnels: do not assume mac header is set in skbtunnelcheckpmtu Recently added debug in commit f9aefd6b2aa3 "net: warn if mac header was not set" caught a bug in skbtunnelcheckpmtu, as shown in this syzbot report 1. In ndostartxmi...

RIOT-OS Denial of Service Vulnerability

RIOT-OS is an operating system that supports IoT devices and contains a network stack capable of handling 6LoWPAN frames. A denial of service vulnerability exists in versions of RIOT-OS prior to 2022.10, which can be exploited by an attacker to launch a denial of service attack...

CVE-2023-24821

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write wil...

CVE-2023-24822

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. Th...

Null pointer dereference

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. Th...

Out-of-bounds

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write wil...

CVE-2023-24820

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault...

CVE-2023-24819

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be us...

Out-of-bounds

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault...

Null pointer dereference

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an...

CVE-2023-24821 RIOT-OS vulnerable to Integer Underflow during defragmentation

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write wil...

CVE-2023-24820

RIOT-OS CVE-2023-24820 affects the 6LoWPAN network stack; processing crafted frames can trigger a large out-of-bounds write beyond the packet buffer, causing an unhandled hard fault when RAM is exhausted and a denial-of-service condition. The issue is fixed in version 2022.10; a manual patch is a...

CVE-2023-24819 RIOT-OS vulnerable to Buffer Overflow during IPHC receive

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be us...

CVE-2023-24819 RIOT-OS vulnerable to Buffer Overflow during IPHC receive

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be us...