What is the severity of CVE-2023-24820?

CVE-2023-24820 is considered a high-severity vulnerability due to its potential to cause significant impacts such as out of bounds writes in the RIOT-OS network stack.

How do I fix CVE-2023-24820?

To address CVE-2023-24820, it is recommended to update to a patched version of RIOT-OS that resolves this vulnerability.

What systems are affected by CVE-2023-24820?

CVE-2023-24820 affects RIOT-OS versions prior to 2022.10 that support Internet of Things devices utilizing the network stack.

What type of attack does CVE-2023-24820 involve?

CVE-2023-24820 involves a crafted attack that sends malicious 6LoWPAN frames to exploit the network stack, leading to out of bounds writes.

What are the potential consequences of exploiting CVE-2023-24820?

Exploitation of CVE-2023-24820 can lead to system crashes, unauthorized access, or execution of arbitrary code in affected devices.

Vulnerability/
CVE-2023-24820

high

7.5

CWE

191 787

24/4/2023

4/2/2025

CVE-2023-24820: RIOT-OS vulnerable to Integer Underflow during IPHC receive

First published: Mon Apr 24 2023(Updated: )

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patch manually.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Riot-os Riot	<2022.10

Remedy

https://github.com/RIOT-OS/RIOT/pull/18817/commits/2709fbd827b688fe62df2c77c316914f4a3a6d4a

Remedy

https://github.com/RIOT-OS/RIOT/pull/18820/commits/d052e2ee166e55bbdfe4c455e65dbd7e3479ebe3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-24820?
CVE-2023-24820 is considered a high-severity vulnerability due to its potential to cause significant impacts such as out of bounds writes in the RIOT-OS network stack.
How do I fix CVE-2023-24820?
To address CVE-2023-24820, it is recommended to update to a patched version of RIOT-OS that resolves this vulnerability.
What systems are affected by CVE-2023-24820?
CVE-2023-24820 affects RIOT-OS versions prior to 2022.10 that support Internet of Things devices utilizing the network stack.
What type of attack does CVE-2023-24820 involve?
CVE-2023-24820 involves a crafted attack that sends malicious 6LoWPAN frames to exploit the network stack, leading to out of bounds writes.
What are the potential consequences of exploiting CVE-2023-24820?
Exploitation of CVE-2023-24820 can lead to system crashes, unauthorized access, or execution of arbitrary code in affected devices.

collector/nvd-index
agent/type
agent/softwarecombine
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/title
agent/severity
agent/author
agent/weakness
agent/first-publish-date
agent/event
agent/description
agent/tags
agent/source
vendor/riot-os
canonical/riot-os riot

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.