VYPR
Unrated severityNVD Advisory· Published May 30, 2023· Updated Jan 10, 2025

RIOT-OS vulnerable to NULL pointer dereference during NHC encoding

CVE-2023-33973

Description

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference occurs. This crashes the device leading to denial of service. A patch is available at pull request 19678. There are no known workarounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Riot OS/Riotllm-fuzzy2 versions
    <=2023.01+ 1 more
    • (no CPE)range: <=2023.01
    • (no CPE)range: <= 2023.01

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.