Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted.
AnalysisAI
In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted. Affected products include: Riot-Os Riot.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process
RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in s
RIOT IoT operating system has an out-of-bounds read vulnerability (CVSS 9.1) that could lead to information disclosure o
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit a
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit a
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit a
RIOT is an operating system for internet of things (IoT) devices. Rated high severity (CVSS 7.5), this vulnerability is
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to proc
RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attac
In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all input
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all me
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT)
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today