Sign-up

ID

VAR-201908-0940


CVE

CVE-2019-15702


TITLE

RIOT Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008735

DESCRIPTION

In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option. RIOT Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. RIOT RIOT-OS is a set of operating systems used in the field of Internet of Things. The TCP implementation (gnrc_tcp) in RIOT 2019.07 and earlier versions has a security vulnerability. An attacker could use this vulnerability to cause an infinite loop, resulting in a denial of service

Trust: 2.79

sources: NVD: CVE-2019-15702 // JVNDB: JVNDB-2019-008735 // CNVD: CNVD-2019-47025 // CNNVD: CNNVD-201908-2086 // VULMON: CVE-2019-15702

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-47025

AFFECTED PRODUCTS

vendor:riot osmodel:riotscope:lteversion:2019.07

Trust: 1.0

vendor:riotmodel:riotscope:lteversion:2019.07

Trust: 0.8

vendor:riotmodel:riot-osscope:lteversion:<=2019.07

Trust: 0.6

sources: CNVD: CNVD-2019-47025 // JVNDB: JVNDB-2019-008735 // NVD: CVE-2019-15702

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15702
value: HIGH

Trust: 1.0

NVD: CVE-2019-15702
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-47025
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-2086
value: HIGH

Trust: 0.6

VULMON: CVE-2019-15702
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15702
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-47025
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15702
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-15702
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-47025 // VULMON: CVE-2019-15702 // JVNDB: JVNDB-2019-008735 // CNNVD: CNNVD-201908-2086 // NVD: CVE-2019-15702

PROBLEMTYPE DATA

problemtype:CWE-835

Trust: 1.0

problemtype:CWE-399

Trust: 0.8

sources: JVNDB: JVNDB-2019-008735 // NVD: CVE-2019-15702

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2086

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-2086

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008735

PATCH
title:gnrc_tcp: option parsing doesn't terminate on all inputs, potential DOS #12086url:https://github.com/RIOT-OS/RIOT/issues/12086
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-008735

EXTERNAL IDS
db:NVDid:CVE-2019-15702
Trust: 3.1
db:JVNDBid:JVNDB-2019-008735
Trust: 0.8
db:CNVDid:CNVD-2019-47025
Trust: 0.6
db:CNNVDid:CNNVD-201908-2086
Trust: 0.6
db:VULMONid:CVE-2019-15702
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-47025 // 
            
            
            
            VULMON: CVE-2019-15702 // 
            
            
            
            JVNDB: JVNDB-2019-008735 // 
            
            
            
            CNNVD: CNNVD-201908-2086 // 
            
            
            
            NVD: CVE-2019-15702

REFERENCES
url:https://github.com/riot-os/riot/issues/12086
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-15702
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15702
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/835.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-47025 // 
            
            
            
            VULMON: CVE-2019-15702 // 
            
            
            
            JVNDB: JVNDB-2019-008735 // 
            
            
            
            CNNVD: CNNVD-201908-2086 // 
            
            
            
            NVD: CVE-2019-15702

SOURCES
db:CNVDid:CNVD-2019-47025
db:VULMONid:CVE-2019-15702
db:JVNDBid:JVNDB-2019-008735
db:CNNVDid:CNNVD-201908-2086
db:NVDid:CVE-2019-15702

LAST UPDATE DATE
2024-11-23T22:51:41.661000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-47025date:2019-12-26T00:00:00
db:VULMONid:CVE-2019-15702date:2020-02-18T00:00:00
db:JVNDBid:JVNDB-2019-008735date:2019-09-05T00:00:00
db:CNNVDid:CNNVD-201908-2086date:2020-02-19T00:00:00
db:NVDid:CVE-2019-15702date:2024-11-21T04:29:17.363

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-47025date:2019-12-26T00:00:00
db:VULMONid:CVE-2019-15702date:2019-08-27T00:00:00
db:JVNDBid:JVNDB-2019-008735date:2019-09-05T00:00:00
db:CNNVDid:CNNVD-201908-2086date:2019-08-27T00:00:00
db:NVDid:CVE-2019-15702date:2019-08-27T18:15:11.280