How severe is CVE-2023-24819?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-24819?

This is classified as CWE-131, which is a common weakness in software security.

CVE-2023-24819

CRITICAL Year: 2023

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-131

View all →

Vulnerability Description

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.

CVE-2001-0248

CRITICAL

CVSS:9.8(Critical)

Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.

CWE-1312001

CVE-2001-0249

CRITICAL

CVSS:9.8(Critical)

Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

CWE-1312001

CVE-2002-1347

CRITICAL

CVSS:9.8(Critical)

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonical...

CWE-1312002

CVE-2003-0899

CRITICAL

CVSS:9.8(Critical)

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the...

CWE-1312003

CVE-2004-0434

CRITICAL

CVSS:9.8(Critical)

k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based ...

CWE-1312004

CVE-2004-1363

CRITICAL

CVSS:9.8(Critical)

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

CWE-1312004

CVE-2023-24819

Vulnerability Description

Related Vulnerabilities

CVE-2001-0248

CVE-2001-0249

CVE-2002-1347

CVE-2003-0899

CVE-2004-0434

CVE-2004-1363