CVE-2024-21875 - DoS attack when broadcasting billboard messages

CVE

CVE-2024-21875

Credits

Casper Kuijper
Geert Langendam
Frank Breedijk

Affected products

Product	Affected	Unaffected	Unknown
Badge.team Hacker Hotel Badge 2024 on risc-v	>= semver 0.1.0 to < 0.1.3
Badge.team Hacker Hotel Badge 2024 on risc-v		everything else

CVSS

Base score: 5.7 (MEDIUM)

References

https://csirt.divd.nl/CVE-2024-21875 ( third-party-advisory )
https://github.com/badgeteam/hackerhotel-2024-firmware-esp32c6/pull/64 ( vendor-advisory, issue-tracking, patch, release-notes, technical-description )

Problem type(s)

CWE-770 Allocation of Resources Without Limits or Throttling

Impact(s)

CAPEC-125 Flooding

Last modified

10 Apr 2024 21:52

Description

Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.

JSON version

DIVD CSIRT

CVE-2024-21875 - DoS attack when broadcasting billboard messages

Description