CVE-2024-51500— Meshtastic device firmware 安全漏洞

Failure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmware

Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address (0xFFFFFFFF) which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could craft a packet to be from that address which would result in an amplification of this one message into every node on the network sending multiple messages. Such an attack could result in degraded network performance for all users as the available bandwidth is consumed. This issue has been addressed in release version 2.5.6. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

对特殊元素的转义处理不恰当

Meshtastic device firmware 安全漏洞

Meshtastic device firmware是Meshtastic开源的一种用于 Meshtastic 设备运行开源、离网、去中心化网状网络的固件。 Meshtastic device firmware 2.5.6版本之前存在安全漏洞，该漏洞源于Meshtastic固件不会检查声称来自特殊广播地址的数据包，这可能会导致意外行为并可能对网络造成分布式拒绝服务攻击。

N/A

N/A