N/A

RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded size with an arithmetic round-off error and does not take into account possible padding bytes. Due to this underestimation, it may be possible to craft base64 input that causes a buffer overflow.

N/A

N/A

RIOT 缓冲区错误漏洞

RIOT RIOT-OS是一套应用于物联网领域的操作系统。 RIOT 2020.04版本中的base64解码器存在缓冲区错误漏洞，该漏洞源于程序没有正确检查边界。远程攻击者可借助特制参数利用该漏洞在系统上执行任意代码。

N/A

N/A