N/A

The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. If the protocol has been compiled using default settings, this will only grant the attacker access to allocated but unused memory. However, if it was configured using non-default settings, there is the possibility that exploiting this vulnerability could lead to system crashes and remote code execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

跨界内存写

Sub-IoT 缓冲区错误漏洞

Sub-IoT是Sub-IoT的Dash7 联盟协议的开源堆栈。 Sub-IoT DASH 7 Alliance protocol implementation 0.5.0 之前版本存在缓冲区错误漏洞，该漏洞源于Sub-IoT 存在一个安全问题，可导致越界写入，如果协议是使用默认设置编译的，这将只允许攻击者访问已分配但未使用的内存，但是，如果使用非默认设置进行配置，攻击者利用该漏洞可以可能会导致系统崩溃和远程代码执行。

N/A

N/A