
472 matches found

Prion
added 2023/05/30 5:15 p.m. · 27 views

Race condition

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions...

CVSS 2.6 · AI score 5.6 · EPSS 0.00707
Exploits 0 · References 8 · Affected Software 1
CVE
added 2023/05/30 5:8 p.m. · 60 views

CVE-2023-33975

RIOT-OS 6LoWPAN network stack vulnerability: in 2023.01 and earlier, an attacker can send a crafted frame causing an out-of-bounds write in the packet buffer, potentially corrupting packets and allocator metadata, leading to denial of service or arbitrary code execution if allocator metadata is m...

CVSS 9.8 · AI score 9.6 · EPSS 0.0148
Exploits 1 · References 8 · Affected Software 1
CVE
added 2023/05/30 4:50 p.m. · 49 views

CVE-2023-33974

RIOT-OS vulnerability CVE-2023-33974 affects the 6LoWPAN frame handling in RIOT-OS before 2023.01. A race condition can be triggered by multiple crafted frames sent to the device, causing an invalid memory access and resulting in a denial of service. The issue is mitigated by the patch in pull re...

CVSS 7.5 · AI score 5.8 · EPSS 0.00707
Exploits 0 · References 8 · Affected Software 1
Cvelist
added 2023/05/30 4:50 p.m. · 31 views

CVE-2023-33974 RIOT-OS vulnerable to Race Condition in SFR Timeout

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions...

CVSS 7.5 · AI score 7.5 · EPSS 0.00707
Exploits 0 · References 8
Vulnrichment
added 2023/05/30 4:18 p.m. · 6 views

CVE-2023-33973 RIOT-OS vulnerable to NULL pointer dereference during NHC encoding

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference...

CVSS 7.5 · AI score 7.4 · EPSS 0.00963
Exploits 0 · References 8
CVE
added 2023/05/30 4:18 p.m. · 54 views

CVE-2023-33973

RIOT-OS contains a flaw in its 6LoWPAN processing within the GNRC network stack. In versions 2023.01 and prior, an attacker can send a crafted frame that is forwarded by the device; during encoding of the packet a NULL pointer dereference occurs, crashing the device and causing a denial of servic...

CVSS 7.5 · AI score 7.4 · EPSS 0.00963
Exploits 0 · References 8 · Affected Software 1
NVD
added 2023/05/30 4:15 p.m. · 20 views

CVE-2023-24817

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer...

CVSS 7.5 · AI score 7.3 · EPSS 0.00635
Exploits 0 · References 2
NVD
added 2023/05/30 4:15 p.m. · 14 views

CVE-2023-24825

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixe...

CVSS 7.5 · AI score 7.2 · EPSS 0.00956
Exploits 0 · References 7
Prion
added 2023/05/30 4:15 p.m. · 19 views

Integer overflow

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer...

CVSS 5 · AI score 7.2 · EPSS 0.00635
Exploits 0 · References 2 · Affected Software 1
CVE
added 2023/05/30 4:7 p.m. · 62 views

CVE-2023-24826

CVE-2023-24826 affects RIOT-OS on IoT devices with its 6LoWPAN-capable network stack. Before version 2023.04, an attacker can send crafted frames that trigger the use of an uninitialized object, causing a denial of service. The issue is fixed in version 2023.04. A workaround is to disable fragmen...

CVSS 7.5 · AI score 6.3 · EPSS 0.00832
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2023/05/30 3:54 p.m. · 23 views

CVE-2023-24825 RIOT-OS vulnerable to NULL pointer dereference in gnrc_pktbuf_mark

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixe...

CVSS 7.5 · AI score 7.4 · EPSS 0.00956
Exploits 0 · References 7
CVE
added 2023/05/30 3:54 p.m. · 45 views

CVE-2023-24825

RIOT-OS’s 6LoWPAN frame handling in the GNRC network stack is vulnerable to a NULL pointer dereference when processing crafted frames. This affects versions prior to 2023.04 and can lead to denial of service. The issue is fixed in version 2023.04; there are no known workarounds. Upgrade to 2023.0...

CVSS 7.5 · AI score 7.2 · EPSS 0.00956
Exploits 0 · References 7 · Affected Software 1
Vulnrichment
added 2023/05/30 3:50 p.m. · 11 views

CVE-2023-24817 RIOT-OS vulnerable to Out of Bounds write in routing with SRH

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer...

CVSS 7.5 · AI score 7.3 · EPSS 0.00635
Exploits 0 · References 2
Cvelist
added 2023/05/30 3:50 p.m. · 21 views

CVE-2023-24817 RIOT-OS vulnerable to Out of Bounds write in routing with SRH

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer...

CVSS 7.5 · AI score 7.5 · EPSS 0.00635
Exploits 0 · References 2
CVE
added 2023/05/30 3:50 p.m. · 56 views

CVE-2023-24817

CVE-2023-24817 affects RIOT-OS, specifically the 6LoWPAN processing in its network stack. A crafted 6LoWPAN frame sent to affected devices prior to version 2023.04 can trigger an integer underflow and out-of-bounds access in the packet buffer, potentially corrupting other packets or allocator met...

CVSS 7.5 · AI score 7.3 · EPSS 0.00635
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/05/30 12:0 a.m. · 4 views

PT-2023-19798 · Riot-Os · Riot-Os

Name of the Vulnerable Software and Affected Versions: RIOT-OS versions prior to 2023.04. Description: The issue affects the network stack of RIOT-OS, specifically in the processing of 6LoWPAN frames. An attacker can send a crafted frame, resulting in an integer underflow and out of bounds access ...

CVSS 7.5 · AI score 7.6 · EPSS 0.00635
Exploits 0 · References 3
Rockylinux
added 2023/05/25 7:53 p.m. · 15 views

netavark bug fix and enhancement update

An update is available for netavark. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Netavark is a Rust-based network stack for containers. Bug Fixes and...

AI score 7
Exploits 0
RedHat Linux
added 2023/05/16 8:56 a.m. · 4 views

kernel: tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()

In the Linux kernel, the following vulnerability has been resolved: tunnels: do not assume mac header is set in skb_tunnel_check_pmtu(). Recently added debug in commit f9aefd6b2aa3 "net: warn if mac header was not set" caught a bug in skb_tunnel_check_pmtu(), as shown in this syzbot report [1]. In ndo_start_xmi...

CVSS 5.5 · AI score 6.3 · EPSS 0.00259
Exploits 0 · References 5
CNVD
added 2023/04/25 12:0 a.m. · 6 views

RIOT-OS Denial of Service Vulnerability

RIOT-OS is an operating system that supports IoT devices and contains a network stack capable of handling 6LoWPAN frames. A denial of service vulnerability exists in versions of RIOT-OS prior to 2022.10, which can be exploited by an attacker to launch a denial of service attack...

CVSS 7.5 · AI score 6.7 · EPSS 0.01212
Exploits 1 · References 1
NVD
added 2023/04/24 4:15 p.m. · 13 views

CVE-2023-24821

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write wil...

CVSS 7.5 · AI score 7.5 · EPSS 0.00859
Exploits 0 · References 3