Vulnerabilities > CVE-2019-15702 - Infinite Loop vulnerability in Riot-Os Riot

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

riot-os

CWE-835

NVD

Published: 2019-08-27

Updated: 2020-02-18

Summary

In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option.

Vulnerable Configurations

Part	Description	Count
OS	Riot-Os Riot OS Riot 2013.08 Riot OS Riot 2014.01 Riot OS Riot 2014.05 Riot OS Riot 2014.12 Riot OS Riot 2015.09 Riot OS Riot 2015.12 Riot OS Riot 2016.04 Riot OS Riot 2016.07 Riot OS Riot 2016.10 Riot OS Riot 2017.01 Riot OS Riot 2017.04 Riot OS Riot 2017.07 Riot OS Riot 2017.10 Riot OS Riot 2018.01 Riot OS Riot 2018.04 Riot OS Riot 2018.07 Riot OS Riot 2018.10 Riot OS Riot 2018.10.1 Riot OS Riot 2019.01 Riot OS Riot 2019.04 Riot OS Riot 2019.07	64

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://github.com/RIOT-OS/RIOT/issues/12086