CVE-2025-53888
BaseFortify
Publication date: 2025-07-18
Last updated on: 2025-09-11
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| riot-os | riot | up to and including 2025.04 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in RIOT-OS is an ineffective size check in l2filter_add(). The function relies on an assert() to verify that the supplied address length (addr_len) does not exceed the maximum an entry can hold (CONFIG_L2FILTER_ADDR_MAXLEN). Because assert() is compiled out when NDEBUG is defined, as is typical of production builds, that check never executes at runtime. If a caller passes an addr_len larger than the maximum, the following memcpy() copies addr_len bytes into a fixed-size buffer, overflowing it and corrupting the memory that follows (CWE-120). [2]
How can this vulnerability impact me?
The overflow can, depending on how it is reached, crash the device (denial of service) or, in the worst case, let an attacker execute arbitrary code and take control of the device running RIOT-OS. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This is a code-level flaw, so there is no network signature for it. Detection means confirming whether the RIOT-OS sources you build from still contain the assert()-only length check in l2filter_add(), either by source review or by runtime instrumentation that logs any call to l2filter_add() whose addr_len exceeds CONFIG_L2FILTER_ADDR_MAXLEN. The resources do not provide specific commands for detecting exploitation attempts or vulnerable states on a system or network. [2]
What immediate steps should I take to mitigate this vulnerability?
Apply the patch (commit f6f7de4ccc107c018630e4c15500825caf02e1c2), which replaces the assert() with an explicit conditional check that returns an error when addr_len exceeds CONFIG_L2FILTER_ADDR_MAXLEN, or update to a RIOT-OS release that includes it (affected releases are up to and including 2025.04). Until then, do not rely on a build that compiles assertions out: building with assertions enabled turns an oversized address into a controlled assertion failure rather than silent memory corruption, but that is a stopgap, not a fix. Also review every caller of l2filter_add() and make sure addr_len can never exceed the maximum allowed length. [1]
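The following C program is an added example, not RIOT's own code, illustrating both the explanation above (an assert() that is compiled out does not stop the memcpy()) and the mitigation (an explicit check that returns an error). It models the l2filter_add() pattern on a cut-down entry layout; the list size, the entry struct, the canary field and the -EINVAL error code are assumptions of this example and not taken from RIOT or from the page.

```c
/*
 * Added example (not RIOT's code): a cut-down model of the l2filter_add()
 * pattern, with the ineffective assert() beside the explicit check.
 * Assumptions: entry layout, list size and the -EINVAL code are chosen
 * here for illustration; RIOT's real l2filter_t and constants may differ.
 */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CONFIG_L2FILTER_ADDR_MAXLEN 8   /* max link-layer address length */
#define CONFIG_L2FILTER_LISTSIZE    4   /* entries per filter list (assumed) */
#define CANARY_BYTE                 0xC5

/* Stand-in for an l2filter entry. The canary sits directly after the
 * address buffer so an overflow is visible without needing a crash. */
typedef struct {
    uint8_t addr[CONFIG_L2FILTER_ADDR_MAXLEN];
    uint8_t canary[8];          /* assumed field, only for observation */
    size_t addr_len;            /* 0 marks a free slot */
} l2filter_t;

/* Models a release build where assert() has been compiled out (with NDEBUG
 * defined, assert() expands to nothing): the condition is never evaluated. */
#define RELEASE_ASSERT(cond) ((void)0)

void l2filter_init(l2filter_t *list)
{
    for (unsigned i = 0; i < CONFIG_L2FILTER_LISTSIZE; i++) {
        memset(list[i].addr, 0, sizeof(list[i].addr));
        memset(list[i].canary, CANARY_BYTE, sizeof(list[i].canary));
        list[i].addr_len = 0;
    }
}

/* Vulnerable shape (CWE-120): the only length check is an assert that is
 * a no-op in this build, so memcpy() copies addr_len bytes regardless. */
int l2filter_add_vulnerable(l2filter_t *list, const uint8_t *addr, size_t addr_len)
{
    RELEASE_ASSERT(list && addr && (addr_len <= CONFIG_L2FILTER_ADDR_MAXLEN));
    for (unsigned i = 0; i < CONFIG_L2FILTER_LISTSIZE; i++) {
        if (list[i].addr_len == 0) {
            list[i].addr_len = addr_len;
            memcpy(list[i].addr, addr, addr_len);   /* overflows addr[] when addr_len > 8 */
            return 0;
        }
    }
    return -ENOMEM;
}

/* Fixed shape: an explicit check that survives in every build and rejects
 * oversized addresses before anything is written. */
int l2filter_add_fixed(l2filter_t *list, const uint8_t *addr, size_t addr_len)
{
    if (!list || !addr || addr_len > CONFIG_L2FILTER_ADDR_MAXLEN) {
        return -EINVAL;     /* error code is an assumption of this example */
    }
    for (unsigned i = 0; i < CONFIG_L2FILTER_LISTSIZE; i++) {
        if (list[i].addr_len == 0) {
            list[i].addr_len = addr_len;
            memcpy(list[i].addr, addr, addr_len);
            return 0;
        }
    }
    return -ENOMEM;
}

/* Returns 1 if any canary byte of the entry was overwritten, else 0. */
int l2filter_entry_corrupted(const l2filter_t *entry)
{
    for (size_t i = 0; i < sizeof(entry->canary); i++) {
        if (entry->canary[i] != CANARY_BYTE) {
            return 1;
        }
    }
    return 0;
}

/* Feeds a constructed 16-byte address (twice the maximum) to both variants.
 * Returns 1 when the vulnerable variant clobbered its canary and the fixed
 * variant rejected the input without touching the entry, else 0. */
int demo_oversized_address(void)
{
    static const uint8_t oversized[16] = {   /* constructed input */
        0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x11, 0x22,
        0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00 };
    volatile size_t len = sizeof(oversized); /* keep the length opaque to the compiler */
    l2filter_t vuln[CONFIG_L2FILTER_LISTSIZE], fixed[CONFIG_L2FILTER_LISTSIZE];

    l2filter_init(vuln);
    l2filter_init(fixed);
    int rv = l2filter_add_vulnerable(vuln, oversized, len);
    int rf = l2filter_add_fixed(fixed, oversized, len);

    return rv == 0 && l2filter_entry_corrupted(&vuln[0])
        && rf == -EINVAL && !l2filter_entry_corrupted(&fixed[0])
        && fixed[0].addr_len == 0;
}

int main(void)
{
    printf("oversized address: vulnerable variant corrupted memory, fixed variant rejected it: %s\n",
           demo_oversized_address() ? "yes" : "no");
    return 0;
}
```

Build with a plain `cc` invocation; the canary bytes make the overflow observable even where nothing crashes, which is how this class of bug typically hides on an embedded target with no MMU.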