Vulnerability Description
Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attackers, to cause a denial of service or possibly have unspecified other impact via a malformed IPv6 address.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Riot Project | Riot | <= 2017.01 |
Related Weaknesses (CWE)
References
- https://github.com/RIOT-OS/RIOT/issues/6840Issue TrackingPatchThird Party Advisory
- https://github.com/RIOT-OS/RIOT/pull/6961Issue TrackingPatchThird Party Advisory
- https://github.com/RIOT-OS/RIOT/pull/6962Issue TrackingPatch
- https://github.com/RIOT-OS/RIOT/issues/6840Issue TrackingPatchThird Party Advisory
- https://github.com/RIOT-OS/RIOT/pull/6961Issue TrackingPatchThird Party Advisory
- https://github.com/RIOT-OS/RIOT/pull/6962Issue TrackingPatch
FAQ
What is CVE-2017-8289?
CVE-2017-8289 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attack...
How severe is CVE-2017-8289?
CVE-2017-8289 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-8289?
Check the references section above for vendor advisories and patch information. Affected products include: Riot Project Riot.