CVE-2023-33975

Exploit

EPSS 1.48%
Veröffentlicht 30.05.2023 18:15:10
Zuletzt bearbeitet 21.11.2024 08:06:19
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

RIOT-OS vulnerable to Out of Bounds Write in _rbuf_add

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. This issue is fixed in pull request 19680. As a workaround, disable support for fragmented IP datagrams.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 11

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Riot-os ≫ Riot Version <= 2023.01

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.48%	0.705

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L320

Vendor Advisory

https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L388

Vendor Advisory

https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L463

Vendor Advisory

https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L467

Vendor Advisory

https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L480

Vendor Advisory

https://github.com/RIOT-OS/RIOT/commit/1aeb90ee5555ae78b567a6365ae4ab71bfd1404b

Vendor Advisory

https://github.com/RIOT-OS/RIOT/pull/19680

Patch

Vendor Advisory

https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-f6ff-g7mh-58q4

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-33975

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-33975

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-33975

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-33975