Johann Fischer

2 exploits Active since May 2023
CVE-2023-24825 WRITEUP HIGH WRITEUP
RIOT-OS < 2023.04 - Denial of Service via Crafted 6LoWPAN Frame
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixed in version 2023.04. There are no known workarounds.
CVSS 7.5
CVE-2023-33973 WRITEUP HIGH WRITEUP
RIOT-OS < 2023.01 - Denial of Service via NULL Pointer Dereference in 6LoWPAN Frame Processing
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference occurs. This crashes the device leading to denial of service. A patch is available at pull request 19678. There are no known workarounds.
CVSS 7.5