Headline
CVE-2023-24822: gnrc_sixlowpan: Various hardening fixes [backport 2022.10] by miri64 · Pull Request #18820 · RIOT-OS/RIOT
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.
Show all changes
10 commits
Select commit Hold shift + click to select a range
da63e45
gnrc_sixlowpan_iphc: fix buffer overflow in gnrc_sixlowpan_iphc_recv()
miri64 Sep 23, 2022
d052e2e
gnrc_sixlowpan_iphc: fix integer underflow in gnrc_sixlowpan_iphc_recv()
miri64 Sep 23, 2022
bd31010
gnrc_sixlowpan_frag_rb: fix integer underflow in _6lo_frag_size()
miri64 Sep 23, 2022
7253e26
gnrc_sixlowpan_iphc: fix null pointer dereference in _iphc_encode()
Diff-fusion Sep 23, 2022
dafc397
gnrc_sixlowpan_iphc: fix packet type confusion in _iphc_encode()
miri64 Sep 23, 2022
f4df5b4
ieee802154: Adjust parsing of IEEE 802.15.4 frame header
Diff-fusion Oct 7, 2022
4b23d93
gnrc_netif_ieee802154: Ignore packets without source address
Diff-fusion Oct 7, 2022
f4fb746
gnrc_sixlowpan_frag_vrb: Assert no usage of a vrb with src_len == 0
Diff-fusion Oct 7, 2022
0cba82a
gnrc_sixlowpan_iphc.c: dereference ipv6_hdr in DEBUG() after assignment
miri64 Oct 28, 2022
e82cab6
tests/unittests: fix get_frame_hdr_len tests for hardened parsing
miri64 Oct 28, 2022