CVE-2023-24825
RIOT-OS vulnerable to NULL pointer dereference in gnrc_pktbuf_mark
In short
RIOT-OS, an operating system for IoT devices, can crash when it receives a specially crafted network frame because the code doesn't properly check if a pointer is valid before using it. An attacker can exploit this to disable the device.
Technical detail
A NULL pointer dereference vulnerability in the gnrc_pktbuf_mark function of RIOT-OS network stack allows a remote attacker to send a malformed 6LoWPAN frame that triggers unchecked pointer dereference, resulting in denial of service. The vulnerability requires network access to the IoT device but no authentication or privilege escalation.
Summary generated and translated by AI from the official description.
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixed in version 2023.04. There are no known workarounds.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
RIOT-OS · RIOTWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/RIOT-OS/RIOT/blob/2022.10-branch/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L416https://github.com/RIOT-OS/RIOT/blob/2022.10-branch/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L429https://github.com/RIOT-OS/RIOT/blob/2022.10-branch/sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c#L729https://github.com/RIOT-OS/RIOT/blob/2022.10-branch/sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c#L761https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c#L169https://github.com/RIOT-OS/RIOT/commit/0c522075445a62ce3102e141573ecc2788521897https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xqm8-xj74-fjw2