CVE-2023-24818 - OpenCVE

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Riot-os	Riot

Configuration 1 [-]

cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/RIOT-OS/RIOT/pull/18817/commits/0bec3e245ed3815ad6c8cae54673f0021777768b
https://github.com/RIOT-OS/RIOT/pull/18817/commits/17c70f7ee0b1445f2941f516f264ed4a096e82b7
https://github.com/RIOT-OS/RIOT/pull/18817/commits/aa27ed71fa3e5d48dee1748dcf27b6323ec98a33
https://github.com/RIOT-OS/RIOT/pull/18820/commits/4b23d93868a28edd8ebf2ff4ebe94540f2475008
https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4df5b4c4f841ccb460930894cf68ab10b55b971
https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4fb746d1acaacc962daeed3aa71aadfe307d20e
https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-69h9-vj5r-xcg6

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-04-24T14:23:44.280Z

Updated: 2024-08-02T11:03:19.401Z

Reserved: 2023-01-30T14:43:33.704Z

Link: CVE-2023-24818

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-04-24T15:15:07.840

Modified: 2023-05-03T15:44:33.400

Link: CVE-2023-24818

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-24818", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-01-30T14:43:33.704Z", "datePublished": "2023-04-24T14:23:44.280Z", "dateUpdated": "2024-08-02T11:03:19.401Z"}, "containers": {"cna": {"title": "RIOT-OS vulnerable to null pointer dereference during fragment forwarding", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-69h9-vj5r-xcg6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-69h9-vj5r-xcg6"}, {"name": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/0bec3e245ed3815ad6c8cae54673f0021777768b", "tags": ["x_refsource_MISC"], "url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/0bec3e245ed3815ad6c8cae54673f0021777768b"}, {"name": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/17c70f7ee0b1445f2941f516f264ed4a096e82b7", "tags": ["x_refsource_MISC"], "url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/17c70f7ee0b1445f2941f516f264ed4a096e82b7"}, {"name": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/aa27ed71fa3e5d48dee1748dcf27b6323ec98a33", "tags": ["x_refsource_MISC"], "url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/aa27ed71fa3e5d48dee1748dcf27b6323ec98a33"}, {"name": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/4b23d93868a28edd8ebf2ff4ebe94540f2475008", "tags": ["x_refsource_MISC"], "url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/4b23d93868a28edd8ebf2ff4ebe94540f2475008"}, {"name": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4df5b4c4f841ccb460930894cf68ab10b55b971", "tags": ["x_refsource_MISC"], "url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4df5b4c4f841ccb460930894cf68ab10b55b971"}, {"name": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4fb746d1acaacc962daeed3aa71aadfe307d20e", "tags": ["x_refsource_MISC"], "url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4fb746d1acaacc962daeed3aa71aadfe307d20e"}], "affected": [{"vendor": "RIOT-OS", "product": "RIOT", "versions": [{"version": "< 2022.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-24T14:23:44.280Z"}, "descriptions": [{"lang": "en", "value": "RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually."}], "source": {"advisory": "GHSA-69h9-vj5r-xcg6", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:03:19.401Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-69h9-vj5r-xcg6", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-69h9-vj5r-xcg6"}, {"name": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/0bec3e245ed3815ad6c8cae54673f0021777768b", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/0bec3e245ed3815ad6c8cae54673f0021777768b"}, {"name": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/17c70f7ee0b1445f2941f516f264ed4a096e82b7", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/17c70f7ee0b1445f2941f516f264ed4a096e82b7"}, {"name": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/aa27ed71fa3e5d48dee1748dcf27b6323ec98a33", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/aa27ed71fa3e5d48dee1748dcf27b6323ec98a33"}, {"name": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/4b23d93868a28edd8ebf2ff4ebe94540f2475008", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/4b23d93868a28edd8ebf2ff4ebe94540f2475008"}, {"name": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4df5b4c4f841ccb460930894cf68ab10b55b971", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4df5b4c4f841ccb460930894cf68ab10b55b971"}, {"name": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4fb746d1acaacc962daeed3aa71aadfe307d20e", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4fb746d1acaacc962daeed3aa71aadfe307d20e"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A1B64C3-901D-4D06-AD22-FA94E65D5024", "versionEndExcluding": "2022.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually."}], "id": "CVE-2023-24818", "lastModified": "2023-05-03T15:44:33.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-04-24T15:15:07.840", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/0bec3e245ed3815ad6c8cae54673f0021777768b"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/17c70f7ee0b1445f2941f516f264ed4a096e82b7"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/aa27ed71fa3e5d48dee1748dcf27b6323ec98a33"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/4b23d93868a28edd8ebf2ff4ebe94540f2475008"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4df5b4c4f841ccb460930894cf68ab10b55b971"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4fb746d1acaacc962daeed3aa71aadfe307d20e"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-69h9-vj5r-xcg6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security-advisories@github.com", "type": "Primary"}]}