RIOT-OS prior 2022.10 6LoWPAN Frame out-of-bounds write
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.6 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as critical has been discovered in RIOT-OS. This affects an unknown part of the component 6LoWPAN Frame Handler. Executing a manipulation can lead to out-of-bounds write. The identification of this vulnerability is CVE-2023-24819. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.
Details
A vulnerability was found in RIOT-OS. It has been declared as very critical. This vulnerability affects an unknown functionality of the component 6LoWPAN Frame Handler. The manipulation with an unknown input leads to a out-of-bounds write vulnerability. The CWE definition for the vulnerability is CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.
The weakness was shared 04/24/2023 as GHSA-fv97-2448-gcf6. The advisory is shared for download at github.com. This vulnerability was named CVE-2023-24819 since 01/30/2023. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 04/24/2023).
Upgrading to version 2022.10 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
Once again VulDB remains the best source for vulnerability data.
Product
Name
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.8VulDB Meta Temp Score: 9.6
VulDB Base Score: 9.8
VulDB Temp Score: 9.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 9.8
CNA Vector (GitHub, Inc.): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Out-of-bounds writeCWE: CWE-787 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: RIOT-OS 2022.10
Patch: github.com
Timeline
01/30/2023 🔍04/24/2023 🔍
04/24/2023 🔍
04/24/2023 🔍
Sources
Advisory: GHSA-fv97-2448-gcf6Status: Confirmed
CVE: CVE-2023-24819 (🔍)
GCVE (CVE): GCVE-0-2023-24819
GCVE (VulDB): GCVE-100-227284
Entry
Created: 04/24/2023 18:07Changes: 04/24/2023 18:07 (50)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.