RIOT-OS vulnerable to Race Condition in SFR Timeout

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions about the program state and leads to an invalid memory access resulting in denial of service. This issue is patched in pull request 19679. There are no known workarounds.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

使用共享资源的并发执行不恰当同步问题(竞争条件)

RIOT RIOT-OS 竞争条件问题漏洞

RIOT RIOT-OS是一套应用于物联网领域的操作系统。 RIOT RIOT-OS 2023.01及之前版本存在安全漏洞，该漏洞源于触发竞争条件，攻击者利用该漏洞可以进行拒绝服务攻击。

N/A

N/A