CVE-2024-32018

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-32018
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32018.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-32018
Aliases
  • GHSA-899m-q6pp-hmp3
Published
2024-05-01T06:14:03.199Z
Modified
2026-04-10T05:13:01.899903Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Ineffective size check due to assert() and buffer overflow in RIOT
Details

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted input, the software may be exposed to attacks that leverage the lack of proper input checks. In detail, in the nimble_scanlist_update() function below, len is checked in an assertion and subsequently used in a call to memcpy(). If an attacker is able to provide a larger len value while assertions are compiled-out, they can write past the end of the fixed-length e->ad buffer. If the unchecked input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerability could range from denial of service to arbitrary code execution. This issue has not yet been patched. Users are advised to add manual len checking.

Database specific 
{
    "cwe_ids": [
        "CWE-120"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32018.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/riot-os/riot

Affected ranges

Type
GIT
Repo
https://github.com/riot-os/riot
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0f50a8fa00939351c06994b3cc0500174b44d8af
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2023.10"
        }
    ]
}

Affected versions

2013.*
2013.08
2014.*
2014.01
2014.05
2014.12
2015.*
2015.09-RC1
2015.12-RC1
2015.12-devel
2016.*
2016.03-devel
2016.04-RC1
2016.07-RC1
2016.07-RC2
2016.07-devel
2016.10-RC1
2016.10-devel
2017.*
2017.01-RC1
2017.01-devel
2017.04-RC1
2017.04-devel
2017.07-RC1
2017.07-devel
2017.10-RC1
2017.10-devel
2018.*
2018.01-RC1
2018.01-devel
2018.04-RC1
2018.04-devel
2018.07-RC1
2018.07-devel
2018.10-RC1
2018.10-devel
2019.*
2019.01-RC1
2019.01-devel
2019.04-RC1
2019.04-devel
2019.07-RC1
2019.07-devel
2019.10-RC1
2019.10-devel
2020.*
2020.01-RC1
2020.01-devel
2020.04-RC1
2020.04-devel
2020.07-RC1
2020.07-devel
2020.10-RC1
2020.10-devel
2021.*
2021.01-RC1
2021.01-devel
2021.04-RC1
2021.04-devel
2021.07-RC1
2021.07-devel
2021.10-RC1
2021.10-devel
2022.*
2022.01-RC1
2022.01-devel
2022.04-RC1
2022.04-devel
2022.07-RC1
2022.07-devel
2022.10-RC1
2022.10-devel
2023.*
2023.01-RC1
2023.01-devel
2023.04-RC1
2023.04-devel
2023.07-RC1
2023.07-devel
2023.10-devel

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32018.json"