Описание
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference occurs. This crashes the device leading to denial of service. A patch is available at pull request 19678. There are no known workarounds.
Ссылки
- Product
- Product
- Product
- Product
- Product
- Patch
- Issue TrackingPatch
- Vendor Advisory
- Product
- Product
- Product
- Product
- Product
- Patch
- Issue TrackingPatch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2023.01 (включая)
cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00218
Низкий
7.5 High
CVSS3
Дефекты
CWE-476
CWE-476
Связанные уязвимости
CVSS3: 7.5
fstec
больше 2 лет назад
Уязвимость обработчика кадров 6LoWPAN ядра операционной системы RIOT, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
Процентиль: 44%
0.00218
Низкий
7.5 High
CVSS3
Дефекты
CWE-476
CWE-476