CVE-2024-32017

Exploit

EPSS 1.48%
Veröffentlicht 01.05.2024 07:15:39
Zuletzt bearbeitet 04.09.2025 19:37:00
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Buffer overflows in RIOT

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the `gcoap_dns_server_proxy_get()` function contains a small typo that may lead to a buffer overflow in the subsequent `strcpy()`. In detail, the length of the `_uri` string is checked instead of the length of the `_proxy` string. The `_gcoap_forward_proxy_copy_options()` function does not implement an explicit size check before copying data to the `cep->req_etag` buffer that is `COAP_ETAG_LENGTH_MAX` bytes long. If an attacker can craft input so that `optlen` becomes larger than `COAP_ETAG_LENGTH_MAX`, they can cause a buffer overflow. If the input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerabilities could range from denial of service to arbitrary code execution. This issue has yet to be patched. Users are advised to add manual bounds checking.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Riot-os ≫ Riot Version <= 2024.01

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.48%	0.705

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9	2.2	6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
security-advisories@github.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://seclists.org/fulldisclosure/2024/May/7

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2024/05/07/3

Third Party Advisory

Mailing List

https://github.com/RIOT-OS/RIOT/blob/master/sys/net/application_layer/gcoap/dns.c#L319-L325

Product

https://github.com/RIOT-OS/RIOT/blob/master/sys/net/application_layer/gcoap/forward_proxy.c#L352

Product

https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-v97j-w9m6-c4h3

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-32017

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-32017

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-32017

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-32017