Vulnerabilities > CVE-2019-15134 - Memory Leak vulnerability in Riot-Os Riot

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

riot-os

CWE-401

NVD

Published: 2019-08-17

Updated: 2020-08-24

Summary

RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN.

Vulnerable Configurations

Part	Description	Count
OS	Riot-Os Riot OS Riot 2013.08 Riot OS Riot 2014.01 Riot OS Riot 2014.05 Riot OS Riot 2014.12 Riot OS Riot 2015.09 Riot OS Riot 2015.12 Riot OS Riot 2016.04 Riot OS Riot 2016.07 Riot OS Riot 2016.10 Riot OS Riot 2017.01 Riot OS Riot 2017.04 Riot OS Riot 2017.07 Riot OS Riot 2017.10 Riot OS Riot 2018.01 Riot OS Riot 2018.04 Riot OS Riot 2018.07 Riot OS Riot 2018.10 Riot OS Riot 2018.10.1 Riot OS Riot 2019.01 Riot OS Riot 2019.04 Riot OS Riot 2019.07	64

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

References

https://github.com/RIOT-OS/RIOT/pull/12001