CVE-2023-33974

CVSS V2 None CVSS V3 None
Description
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions about the program state and leads to an invalid memory access resulting in denial of service. This issue is patched in pull request 19679. There are no known workarounds.
Overview
  • CVE ID
  • CVE-2023-33974
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-05-30T16:50:06.211Z
  • Last Modified Date
  • 2023-05-30T16:50:06.211Z
Weakness Enumerations
CWE URL
CWE-362 http://cwe.mitre.org/data/definitions/362.html
References
Reference URL Reference Tags
https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-8m3w-mphf-wxm8 x_refsource_CONFIRM
https://github.com/RIOT-OS/RIOT/pull/19679 x_refsource_MISC
https://github.com/RIOT-OS/RIOT/commit/31c6191f6196f1a05c9765cffeadba868e3b0723 x_refsource_MISC
https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L1717 x_refsource_MISC
https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L509 x_refsource_MISC
https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L617 x_refsource_MISC
https://github.com/RIOT-OS/RIOT/blob/master/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L1586 x_refsource_MISC
https://github.com/RIOT-OS/RIOT/blob/master/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L404 x_refsource_MISC
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-33974
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33974
History
Created Old Value New Value Data Type Notes
2024-06-25 08:02:53 Added to TrackCVE