CRITICAL🇵🇱 Wersja polska

CVE-2020-15350

CVSS 9.8v3.1pub. 2020-07-07upd. 2024-11-21

RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded size with an arithmetic round-off error and does not take into account possible padding bytes. Due to this underestimation, it may be possible to craft base64 input that causes a buffer overflow.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Riot Os Riot

    OS
    Riot-Os
    2020.04
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-32017CRITICAL9.8PL ✓ten sam produkt

RIOT OS: buffer overflow w gcoap prowadzący do RCE lub DoS

CVE-2023-33975CRITICAL9.8ten sam produkt

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability t...

CVE-2023-24819CRITICAL9.8ten sam produkt

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the abili...

CVE-2023-24823CRITICAL9.8ten sam produkt

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the abili...

CVE-2021-27357CRITICAL9.8ten sam produkt

RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_message...