VYPR
Unrated severityNVD Advisory· Published Apr 24, 2023· Updated Feb 4, 2025

RIOT-OS vulnerable to null pointer dereference during fragment forwarding

CVE-2023-24818

Description

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Riot OS/Riotllm-fuzzy2 versions
    <2022.10+ 1 more
    • (no CPE)range: <2022.10
    • (no CPE)range: < 2022.10

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.