CVE-2023-24820— RIOT RIOT-OS 数字错误漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2023-24820の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
RIOT-OS vulnerable to Integer Underflow during IPHC receive
ソース: NVD (National Vulnerability Database)
脆弱性説明
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patch manually.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
整数下溢(超界折返)
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
RIOT RIOT-OS 数字错误漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
RIOT RIOT-OS是一套应用于物联网领域的操作系统。 RIOT RIOT-OS 2022.10 之前版本存在数字错误漏洞,攻击者利用该漏洞可以设备发送精心制作的帧,从而导致超出数据包缓冲区的大量越界写入,在到达 RAM 的最后一页后,写入将产生硬故障异常。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2023-24820の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2023-24820のインテリジェンス情報
请登录查看更多情报信息。
- https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-vpx8-h94p-9vrjx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2023-24820
Same Patch Batch · RIOT-OS · 2023-04-24 · 6 CVEs total
| CVE-2023-24823 | 9.8 CRITICAL | RIOT-OS vulnerable to Packet Type Confusion during IPHC send |
| CVE-2023-24819 | 9.8 CRITICAL | RIOT-OS vulnerable to Buffer Overflow during IPHC receive |
| CVE-2023-24822 | 7.5 HIGH | RIOT-OS vulnerable to Null Pointer dereference during IPHC encoding |
| CVE-2023-24821 | 7.5 HIGH | RIOT-OS vulnerable to Integer Underflow during defragmentation |
| CVE-2023-24818 | 7.5 HIGH | RIOT-OS vulnerable to null pointer dereference during fragment forwarding |
IV. 関連脆弱性
同じ製品: RIOT
- CVE-2026-27703
RIOT has an Out-of-Bounds Write in nanoCoAP Handler - CVE-2026-25139
RIOT Vulnerable to Multiple Out-of-Bounds Read When Processi - CVE-2025-66647
RIOT OS has buffer overflow in gnrc_ipv6_ext_frag_reass - CVE-2025-66646
RIOT-OS has NULL pointer dereference in gnrc_ipv6_ext_frag_r - CVE-2025-53888
RIOT-OS has an ineffective size check that can lead to buffe
同じベンダー: RIOT-OS
- CVE-2026-27703
RIOT has an Out-of-Bounds Write in nanoCoAP Handler - CVE-2026-25139
RIOT Vulnerable to Multiple Out-of-Bounds Read When Processi - CVE-2025-66647
RIOT OS has buffer overflow in gnrc_ipv6_ext_frag_reass - CVE-2025-66646
RIOT-OS has NULL pointer dereference in gnrc_ipv6_ext_frag_r - CVE-2025-53888
RIOT-OS has an ineffective size check that can lead to buffe
同じ弱点: CWE-191
- CVE-2026-7736
osrg GoBGP mrt.go parseRibEntry integer underflow - CVE-2026-33845
Gnutls: gnutls: denial of service via dtls zero-length fragm - CVE-2026-7424
Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Pl - CVE-2026-7423
Integer Underflow in ICMP Echo Reply Processing in FreeRTOS- - CVE-2026-6914
MD5 checksum creation may cause availability loss
V. CVE-2023-24820へのコメント
まだコメントはありません