Buffer Overflow Vulnerability in RIOT-OS sock_dns Implementation Allows Remote Code Execution

Buffer Overflow Vulnerability in RIOT-OS sock_dns Implementation Allows Remote Code Execution

CVE-2019-1000006 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via network connectivity.

Learn more about our Api Penetration Testing.