Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RIOT-OS vulnerable to Integer Underflow during IPHC receive
Vulnerability Description
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patch manually.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
整数下溢(超界折返)
Vulnerability Title
RIOT RIOT-OS 数字错误漏洞
Vulnerability Description
RIOT RIOT-OS是一套应用于物联网领域的操作系统。 RIOT RIOT-OS 2022.10 之前版本存在数字错误漏洞,攻击者利用该漏洞可以设备发送精心制作的帧,从而导致超出数据包缓冲区的大量越界写入,在到达 RAM 的最后一页后,写入将产生硬故障异常。
CVSS Information
N/A
Vulnerability Type
N/A