CVE-2023-33973

Severity: 7.5 HIGH

📋 TL;DR

CVE-2023-33973 is a NULL pointer dereference vulnerability in RIOT-OS's 6LoWPAN network stack that allows remote attackers to crash IoT devices by sending specially crafted frames. This leads to denial of service, affecting all devices running RIOT-OS versions 2023.01 and earlier with 6LoWPAN enabled.

💻 Affected Systems

Products:
  • RIOT-OS
Versions: 2023.01 and all prior versions
Operating Systems: RIOT-OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with 6LoWPAN network stack enabled and configured to process IPv6 packets.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Permanent device crash requiring physical reset or power cycle, potentially disrupting critical IoT operations in industrial or infrastructure environments.

🟠

Likely Case

Temporary denial of service until device automatically reboots or is manually reset, disrupting IoT network communications.

🟢

If Mitigated

No impact if patched or if 6LoWPAN functionality is disabled in network configuration.

🌐 Internet-Facing: HIGH - IoT devices with 6LoWPAN exposed to network can be remotely crashed by any attacker who can send crafted packets.
🏢 Internal Only: MEDIUM - Internal attackers with network access can exploit, but requires specific 6LoWPAN knowledge and access to IoT network segments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted 6LoWPAN frames but no authentication or special privileges needed. The vulnerability is in packet forwarding logic, making it accessible to network attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after pull request 19678 (post-2023.01)

Vendor Advisory: https://github.com/RIOT-OS/RIOT/pull/19678

Restart Required: Yes

Instructions:

1. Update RIOT-OS to the latest version incorporating PR 19678.
2. Recompile and redeploy firmware to affected IoT devices.
3. Restart devices to apply the updated firmware.

🔧 Temporary Workarounds

Disable 6LoWPAN forwarding (applies to: all)

Configure devices not to forward 6LoWPAN packets if forwarding is not required for functionality. This requires modifying the RIOT-OS network configuration to disable 6LoWPAN packet processing.

Network segmentation (applies to: all)

Isolate IoT devices with 6LoWPAN in separate network segments with strict ingress filtering.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can send packets to IoT devices
  • Deploy network intrusion detection to monitor for crafted 6LoWPAN frames and alert on potential exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the RIOT-OS version: if the device is running 2023.01 or earlier and 6LoWPAN is enabled, the device is vulnerable.

Check Version:

Check RIOT-OS build configuration or firmware version information specific to your device implementation

Verify Fix Applied:

Verify that the RIOT-OS version is newer than 2023.01 and that the codebase includes the commit from PR 19678.

📡 Detection & Monitoring

Log Indicators:

  • Device crash/reboot logs
  • Kernel panic messages related to NULL pointer dereference in network stack

Network Indicators:

  • Unusual 6LoWPAN frame patterns
  • Sudden cessation of network traffic from IoT devices

SIEM Query:

search 'RIOT-OS crash' OR 'NULL pointer dereference' AND source="iot_device"
