2 matches found
CVE-2024-32017
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the gcoapdnsserverproxyget function contains a small typo that may lead to a buffer overflow in the subsequent strcpy. In detail, t...
CVE-2024-32017
CVE-2024-32017 affects RIOT OS. The issue is a buffer overflow in gcoap DNS server proxy logic: a typo causes a length check of _uri instead of _proxy, risking overflow in subsequent strcpy. Additionally, _gcoap_forward_proxy_copy_options() lacks explicit bounds before copying into cep->req_et...