Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2024-52802

RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processing `dhcpv6_msg_t`. This omission could lead to an out-of-bound read, causing system inconsistency. Additionally, the same lack of a header length check is present in the function `_preparse_advertise`, which is called by `_parse_advertise` before handling the request. As of time of publication, no known patched version exists.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.4%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2024-52802
  • Riot-Os » Riot » Version: 2013.08
    cpe:2.3:o:riot-os:riot:2013.08
  • Riot-Os » Riot » Version: 2014.01
    cpe:2.3:o:riot-os:riot:2014.01
  • Riot-Os » Riot » Version: 2014.05
    cpe:2.3:o:riot-os:riot:2014.05
  • Riot-Os » Riot » Version: 2014.12
    cpe:2.3:o:riot-os:riot:2014.12
  • Riot-Os » Riot » Version: 2015.09
    cpe:2.3:o:riot-os:riot:2015.09
  • Riot-Os » Riot » Version: 2015.12
    cpe:2.3:o:riot-os:riot:2015.12
  • Riot-Os » Riot » Version: 2016.04
    cpe:2.3:o:riot-os:riot:2016.04
  • Riot-Os » Riot » Version: 2016.07
    cpe:2.3:o:riot-os:riot:2016.07
  • Riot-Os » Riot » Version: 2016.10
    cpe:2.3:o:riot-os:riot:2016.10
  • Riot-Os » Riot » Version: 2017.01
    cpe:2.3:o:riot-os:riot:2017.01
  • Riot-Os » Riot » Version: 2017.04
    cpe:2.3:o:riot-os:riot:2017.04
  • Riot-Os » Riot » Version: 2017.07
    cpe:2.3:o:riot-os:riot:2017.07
  • Riot-Os » Riot » Version: 2017.10
    cpe:2.3:o:riot-os:riot:2017.10
  • Riot-Os » Riot » Version: 2018.01
    cpe:2.3:o:riot-os:riot:2018.01
  • Riot-Os » Riot » Version: 2018.04
    cpe:2.3:o:riot-os:riot:2018.04
  • Riot-Os » Riot » Version: 2018.07
    cpe:2.3:o:riot-os:riot:2018.07
  • Riot-Os » Riot » Version: 2018.10
    cpe:2.3:o:riot-os:riot:2018.10
  • Riot-Os » Riot » Version: 2018.10.1
    cpe:2.3:o:riot-os:riot:2018.10.1
  • Riot-Os » Riot » Version: 2019.01
    cpe:2.3:o:riot-os:riot:2019.01
  • Riot-Os » Riot » Version: 2019.04
    cpe:2.3:o:riot-os:riot:2019.04
  • Riot-Os » Riot » Version: 2019.07
    cpe:2.3:o:riot-os:riot:2019.07
  • Riot-Os » Riot » Version: 2019.10
    cpe:2.3:o:riot-os:riot:2019.10
  • Riot-Os » Riot » Version: 2020.01
    cpe:2.3:o:riot-os:riot:2020.01
  • Riot-Os » Riot » Version: 2020.01.1
    cpe:2.3:o:riot-os:riot:2020.01.1
  • Riot-Os » Riot » Version: 2020.04
    cpe:2.3:o:riot-os:riot:2020.04
  • Riot-Os » Riot » Version: 2021.01
    cpe:2.3:o:riot-os:riot:2021.01
  • Riot-Os » Riot » Version: 2021.04
    cpe:2.3:o:riot-os:riot:2021.04
  • Riot-Os » Riot » Version: 2021.07
    cpe:2.3:o:riot-os:riot:2021.07
  • Riot-Os » Riot » Version: 2021.10
    cpe:2.3:o:riot-os:riot:2021.10
  • Riot-Os » Riot » Version: 2022.01
    cpe:2.3:o:riot-os:riot:2022.01
  • Riot-Os » Riot » Version: 2022.04
    cpe:2.3:o:riot-os:riot:2022.04
  • Riot-Os » Riot » Version: 2022.07
    cpe:2.3:o:riot-os:riot:2022.07
  • Riot-Os » Riot » Version: 2022.10
    cpe:2.3:o:riot-os:riot:2022.10
  • Riot-Os » Riot » Version: 2023.01
    cpe:2.3:o:riot-os:riot:2023.01
  • Riot-Os » Riot » Version: 2023.04
    cpe:2.3:o:riot-os:riot:2023.04
  • Riot-Os » Riot » Version: 2023.07
    cpe:2.3:o:riot-os:riot:2023.07
  • Riot-Os » Riot » Version: 2023.10
    cpe:2.3:o:riot-os:riot:2023.10
  • Riot-Os » Riot » Version: 2024.01
    cpe:2.3:o:riot-os:riot:2024.01
  • Riot-Os » Riot » Version: 2024.04
    cpe:2.3:o:riot-os:riot:2024.04


Products
Pricing
Contact Us

Shodan ® - All rights reserved