Vulnerability Details CVE-2019-15702
In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2019-15702
-
cpe:2.3:o:riot-os:riot:2013.08
-
cpe:2.3:o:riot-os:riot:2014.01
-
cpe:2.3:o:riot-os:riot:2014.05
-
cpe:2.3:o:riot-os:riot:2014.12
-
cpe:2.3:o:riot-os:riot:2015.09
-
cpe:2.3:o:riot-os:riot:2015.12
-
cpe:2.3:o:riot-os:riot:2016.04
-
cpe:2.3:o:riot-os:riot:2016.07
-
cpe:2.3:o:riot-os:riot:2016.10
-
cpe:2.3:o:riot-os:riot:2017.01
-
cpe:2.3:o:riot-os:riot:2017.04
-
cpe:2.3:o:riot-os:riot:2017.07
-
cpe:2.3:o:riot-os:riot:2017.10
-
cpe:2.3:o:riot-os:riot:2018.01
-
cpe:2.3:o:riot-os:riot:2018.04
-
cpe:2.3:o:riot-os:riot:2018.07
-
cpe:2.3:o:riot-os:riot:2018.10
-
cpe:2.3:o:riot-os:riot:2018.10.1
-
cpe:2.3:o:riot-os:riot:2019.01
-
cpe:2.3:o:riot-os:riot:2019.04
-
cpe:2.3:o:riot-os:riot:2019.07