OpenCVE

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer. Triggering the access at the right time will corrupt other packets or the allocator metadata. Corrupting a pointer will lead to denial of service. This issue is fixed in version 2023.04. As a workaround, disable SRH in the network stack.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Riot-os	Riot

Configuration 1 [-]

cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/RIOT-OS/RIOT/commit/34dc1757f5621be48e226cfebb2f4c63505b5360
https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xjgw-7638-29g5

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-05-30T15:50:54.247Z

Updated: 2024-08-02T11:03:19.259Z

Reserved: 2023-01-30T14:43:33.704Z

Link: CVE-2023-24817

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-05-30T16:15:09.607

Modified: 2024-11-21T07:48:27.277

Link: CVE-2023-24817

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-24817", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-01-30T14:43:33.704Z", "datePublished": "2023-05-30T15:50:54.247Z", "dateUpdated": "2024-08-02T11:03:19.259Z"}, "containers": {"cna": {"title": "RIOT-OS vulnerable to Out of Bounds write in routing with SRH", "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "lang": "en", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-191", "lang": "en", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xjgw-7638-29g5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xjgw-7638-29g5"}, {"name": "https://github.com/RIOT-OS/RIOT/commit/34dc1757f5621be48e226cfebb2f4c63505b5360", "tags": ["x_refsource_MISC"], "url": "https://github.com/RIOT-OS/RIOT/commit/34dc1757f5621be48e226cfebb2f4c63505b5360"}], "affected": [{"vendor": "RIOT-OS", "product": "RIOT", "versions": [{"version": "< 2023.04", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-05-30T15:50:54.247Z"}, "descriptions": [{"lang": "en", "value": "RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer. Triggering the access at the right time will corrupt other packets or the allocator metadata. Corrupting a pointer will lead to denial of service. This issue is fixed in version 2023.04. As a workaround, disable SRH in the network stack."}], "source": {"advisory": "GHSA-xjgw-7638-29g5", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:03:19.259Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xjgw-7638-29g5", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xjgw-7638-29g5"}, {"name": "https://github.com/RIOT-OS/RIOT/commit/34dc1757f5621be48e226cfebb2f4c63505b5360", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/RIOT-OS/RIOT/commit/34dc1757f5621be48e226cfebb2f4c63505b5360"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*", "matchCriteriaId": "3563E17A-D38F-412B-8C65-733C4439DE19", "versionEndExcluding": "2023.04", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer. Triggering the access at the right time will corrupt other packets or the allocator metadata. Corrupting a pointer will lead to denial of service. This issue is fixed in version 2023.04. As a workaround, disable SRH in the network stack."}], "id": "CVE-2023-24817", "lastModified": "2024-11-21T07:48:27.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-30T16:15:09.607", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/RIOT-OS/RIOT/commit/34dc1757f5621be48e226cfebb2f4c63505b5360"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xjgw-7638-29g5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/RIOT-OS/RIOT/commit/34dc1757f5621be48e226cfebb2f4c63505b5360"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xjgw-7638-29g5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-191"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-191"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}