CVE-2024-32017

9.8 CRITICAL

📋 TL;DR

CVE-2024-32017 is a critical buffer overflow vulnerability in RIOT OS's CoAP implementation affecting gcoap_dns_server_proxy_get() and _gcoap_forward_proxy_copy_options() functions. The vulnerability allows attackers to cause denial of service or potentially execute arbitrary code by exploiting improper bounds checking. This affects all systems running vulnerable versions of RIOT OS with CoAP functionality enabled.

💻 Affected Systems

Products:
  • RIOT OS
Versions: All versions up to and including current release (as of advisory date)
Operating Systems: RIOT OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with CoAP functionality enabled and using the vulnerable gcoap modules.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, allowing attackers to take control of affected IoT devices.

🟠 Likely Case

Denial of service causing device crashes and service disruption in IoT deployments.

🟢 If Mitigated

Limited impact with proper network segmentation and input validation controls in place.

🌐 Internet-Facing: HIGH - CoAP services are often exposed on IoT devices with minimal network protection.
🏢 Internal Only: MEDIUM - Still significant risk if attacker gains internal network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted CoAP packets to vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not yet released

Vendor Advisory: https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-v97j-w9m6-c4h3

Restart Required: Yes

Instructions:

Monitor the RIOT OS repository for security patches. When available:
  1. Update to the patched version
  2. Recompile firmware
  3. Deploy to affected devices
  4. Verify functionality

🔧 Temporary Workarounds

Disable CoAP functionality

Platform: all

Disable gcoap modules and CoAP services if not required

Modify the RIOT OS configuration to disable CONFIG_GCOAP and related CoAP modules

Implement network controls

Platform: linux

Restrict CoAP traffic (UDP 5683) to trusted sources only. Replace TRUSTED_IP with the host or subnet that is allowed to reach the device; the ACCEPT rule must be evaluated before the DROP rule.

iptables -A INPUT -p udp --dport 5683 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p udp --dport 5683 -j DROP

🧯 If You Can't Patch

  • Segment IoT devices on isolated network VLANs
  • Implement strict firewall rules to limit CoAP traffic to necessary sources only

🔍 How to Verify

Check if Vulnerable:

Check if RIOT OS version uses vulnerable gcoap modules and CoAP is enabled in configuration

Check Version:

Check RIOT OS version in source code or firmware metadata

Verify Fix Applied:

Verify patched version implements proper bounds checking in gcoap_dns_server_proxy_get() and _gcoap_forward_proxy_copy_options() functions
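To make "proper bounds checking" concrete, here is an added example (not RIOT code and not the project's fix) of copying a CoAP option list (RFC 7252 section 3.1 encoding) into a fixed-size buffer while refusing any option that would read past the message or write past the destination; the 64-byte target size and all inputs are constructed for illustration.

```c
/* Bounds-checked copy of a CoAP option list (RFC 7252 section 3.1).
 * Added example, not RIOT code: it shows the length discipline an
 * option-copying path needs, with a constructed 64-byte target. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OPT_COPY_MAX 64 /* constructed size of the destination buffer */

/* Decode a 4-bit delta or length nibble plus any extension bytes at p.
 * Returns 0 and sets *val/*used, or -1 if the extension is truncated
 * or the nibble is the reserved value 15. */
static int decode_field(uint8_t nibble, const uint8_t *p, size_t avail,
                        size_t *used, unsigned *val)
{
    *used = 0;
    if (nibble < 13) { *val = nibble; return 0; }
    if (nibble == 13) {
        if (avail < 1) return -1;
        *val = 13u + p[0]; *used = 1; return 0;
    }
    if (nibble == 14) {
        if (avail < 2) return -1;
        *val = 269u + (((unsigned)p[0] << 8) | p[1]); *used = 2; return 0;
    }
    return -1;
}

/* src/len covers the bytes after the CoAP token.  Copies whole options
 * into dst up to (not including) the 0xFF payload marker.  Returns the
 * number of bytes written, or -1 if any option would read past src or
 * write past dst_len, which is the check the advisory describes as missing. */
int copy_coap_options(const uint8_t *src, size_t len, uint8_t *dst, size_t dst_len)
{
    size_t i = 0, out = 0;
    while (i < len && src[i] != 0xFF) {
        size_t used, need = 1;           /* the option header byte */
        unsigned delta, olen;
        if (decode_field(src[i] >> 4, src + i + 1, len - i - 1, &used, &delta) < 0)
            return -1;
        need += used;
        if (decode_field(src[i] & 0x0F, src + i + need, len - i - need, &used, &olen) < 0)
            return -1;
        need += used;
        if (olen > len - i - need) return -1;   /* value runs past the message */
        need += olen;
        if (need > dst_len - out) return -1;    /* would overflow the destination */
        memcpy(dst + out, src + i, need);
        out += need;
        i += need;
    }
    return (int)out;
}
```

A caller that rejects a -1 result before touching dst turns a malformed or oversized option list into a dropped message rather than a memory corruption.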

📡 Detection & Monitoring

Log Indicators:

  • Unusual CoAP packet sizes
  • Device crashes or restarts
  • Memory corruption errors

Network Indicators:

  • Oversized CoAP packets
  • Unusual CoAP traffic patterns
  • Exploit-specific packet signatures

SIEM Query:

(source_port:5683 AND packet_size>1024) OR (protocol:coap AND abnormal_payload)
