Vulnerability Details CVE-2019-15134
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
Products affected by CVE-2019-15134
-
cpe:2.3:o:riot-os:riot:2013.08
-
cpe:2.3:o:riot-os:riot:2014.01
-
cpe:2.3:o:riot-os:riot:2014.05
-
cpe:2.3:o:riot-os:riot:2014.12
-
cpe:2.3:o:riot-os:riot:2015.09
-
cpe:2.3:o:riot-os:riot:2015.12
-
cpe:2.3:o:riot-os:riot:2016.04
-
cpe:2.3:o:riot-os:riot:2016.07
-
cpe:2.3:o:riot-os:riot:2016.10
-
cpe:2.3:o:riot-os:riot:2017.01
-
cpe:2.3:o:riot-os:riot:2017.04
-
cpe:2.3:o:riot-os:riot:2017.07
-
cpe:2.3:o:riot-os:riot:2017.10
-
cpe:2.3:o:riot-os:riot:2018.01
-
cpe:2.3:o:riot-os:riot:2018.04
-
cpe:2.3:o:riot-os:riot:2018.07
-
cpe:2.3:o:riot-os:riot:2018.10
-
cpe:2.3:o:riot-os:riot:2018.10.1
-
cpe:2.3:o:riot-os:riot:2019.01
-
cpe:2.3:o:riot-os:riot:2019.04
-
cpe:2.3:o:riot-os:riot:2019.07