CVE-2023-24820

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-24820
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24820.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-24820
Aliases
  • GHSA-vpx8-h94p-9vrj
Published
2023-04-24T14:59:43.562Z
Modified
2025-11-29T14:02:04.016102Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
RIOT-OS vulnerable to Integer Underflow during IPHC receive
Details

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patch manually.

Database specific
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/24xxx/CVE-2023-24820.json",
    "cwe_ids": [
        "CWE-191",
        "CWE-787"
    ]
}
References

Affected packages

Git / github.com/riot-os/riot

Affected ranges

Type
GIT
Repo
https://github.com/riot-os/riot
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2022.10"
        }
    ]
}

Affected versions

2013.*

2013.08

2014.*

2014.01
2014.05
2014.12

2015.*

2015.09-RC1
2015.12-RC1
2015.12-devel

2016.*

2016.03-devel
2016.04-RC1
2016.07-RC1
2016.07-RC2
2016.07-devel
2016.10-RC1
2016.10-devel

2017.*

2017.01-RC1
2017.01-devel
2017.04-RC1
2017.04-devel
2017.07-RC1
2017.07-devel
2017.10-RC1
2017.10-devel

2018.*

2018.01-RC1
2018.01-devel
2018.04-RC1
2018.04-devel
2018.07-RC1
2018.07-devel
2018.10-RC1
2018.10-devel

2019.*

2019.01-RC1
2019.01-devel
2019.04-RC1
2019.04-devel
2019.07-RC1
2019.07-devel
2019.10-RC1
2019.10-devel

2020.*

2020.01-RC1
2020.01-devel
2020.04-RC1
2020.04-devel
2020.07-RC1
2020.07-devel
2020.10-RC1
2020.10-devel

2021.*

2021.01-RC1
2021.01-devel
2021.04-RC1
2021.04-devel
2021.07-RC1
2021.07-devel
2021.10-RC1
2021.10-devel

2022.*

2022.01-RC1
2022.01-devel
2022.04-RC1
2022.04-devel
2022.07-devel