CVE-2023-24826

CVSS V2 None CVSS V3 None

Description

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issue is fixed in version 2023.04. As a workaround, disable fragment forwarding or SFR.

Overview

CVE ID
CVE-2023-24826

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-05-30T16:07:45.208Z

Last Modified Date
2023-05-30T16:07:45.208Z

Weakness Enumerations

CWE	URL
CWE-824	http://cwe.mitre.org/data/definitions/824.html

References

Reference URL	Reference Tags
https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xfj4-9g7w-f4gh	x_refsource_CONFIRM
https://github.com/RIOT-OS/RIOT/commit/287f030af20e829469cdf740606148018a5a220d	x_refsource_MISC
https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L402	x_refsource_MISC
https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L420	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-24826
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24826

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 07:24:04				Added to TrackCVE