CVE-2023-24822

Опубликовано: 24 апр. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.

Ссылки

https://github.com/RIOT-OS/RIOT/pull/18817/commits/639c04325de4ceb9d444955f4927bfae95843a39
Patch
https://github.com/RIOT-OS/RIOT/pull/18820/commits/7253e261556f252816f4a3b7c4f96fc10d642485
Patch
https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-8x69-5fhj-72wh
Patch
Vendor Advisory
https://github.com/RIOT-OS/RIOT/pull/18817/commits/639c04325de4ceb9d444955f4927bfae95843a39
Patch
https://github.com/RIOT-OS/RIOT/pull/18820/commits/7253e261556f252816f4a3b7c4f96fc10d642485
Patch
https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-8x69-5fhj-72wh
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*

Версия до 2022.10 (исключая)

EPSS

Процентиль: 45%

0.00223

Низкий

7.5 High

CVSS3

Дефекты

CWE-476