CVE-2019-15134

Published: Aug 17, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN.

Affected (1)

Products: Riot Os: Riot

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Riot Os Riot	Up to 2019.07

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (2)

https://github.com/RIOT-OS/RIOT/pull/12001

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://github.com/RIOT-OS/RIOT/pull/12001

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.