Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RIOT-OS vulnerable to Integer Underflow during defragmentation
Vulnerability Description
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset, thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
整数下溢(超界折返)
Vulnerability Title
RIOT RIOT-OS 数字错误漏洞
Vulnerability Description
RIOT RIOT-OS是一套应用于物联网领域的操作系统。 RIOT-OS 2022.10之前版本存在数字错误漏洞。攻击者利用该漏洞发送特制的帧,从而导致超出数据包缓冲区的大量越界写入,在到达 RAM 的最后一页后,写入将产生硬故障异常。
CVSS Information
N/A
Vulnerability Type
N/A