Vulnerabilities > CVE-2019-16754 - NULL Pointer Dereference vulnerability in Riot-Os Riot 2019.07

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
riot-os
CWE-476

Summary

RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT's MQTT implementation. Additionally, the server IP address is required for spoofing the packet.

Vulnerable Configurations

Part Description Count
OS
Riot-Os
1

Common Weakness Enumeration (CWE)