
Potential reception buffer overflow

Moderate
mluis1 published GHSA-559p-6xgm-fpv9 May 26, 2020

Package

LoRaMac.c, soft-se.c, lr1110-se.c, atecc608a-tnglora-se.c (LoRaMac-node)

Affected versions

< 4.4.4

Patched versions

4.4.4

Description

Impact

A reception buffer overflow can occur because the size of the received buffer is not checked.
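
The kind of check whose absence is described above, as an added example (not code from LoRaMac-node or from commit e3063a9): a receive handler that validates the radio-reported size against the fixed buffer before copying, and also rejects frames too short to hold a header and MIC. All names and sizes here (`rx_store_frame`, `RX_BUF_SIZE`, `MHDR_LEN`, `MIC_LEN`) are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names and sizes for illustration; not taken from LoRaMac-node. */
#define RX_BUF_SIZE 255u /* capacity of the fixed reception buffer */
#define MHDR_LEN    1u   /* MAC header length assumed by this example */
#define MIC_LEN     4u   /* message integrity code length assumed by this example */

typedef enum { RX_OK = 0, RX_ERR_NULL, RX_ERR_TOO_SHORT, RX_ERR_TOO_LONG } rx_status_t;

typedef struct {
    uint8_t  buf[RX_BUF_SIZE];
    uint16_t len;      /* bytes valid in buf */
    uint16_t body_len; /* bytes between MHDR and MIC */
} rx_frame_t;

/* Copy a frame reported by the radio driver into the fixed buffer.
 * 'size' is untrusted until both bounds below have been checked. */
rx_status_t rx_store_frame(rx_frame_t *dst, const uint8_t *payload, uint16_t size)
{
    if (dst == NULL || payload == NULL) {
        return RX_ERR_NULL;
    }
    /* Lower bound: without it, size - MHDR_LEN - MIC_LEN wraps around. */
    if (size < MHDR_LEN + MIC_LEN) {
        return RX_ERR_TOO_SHORT;
    }
    /* Upper bound: without it, memcpy writes past the end of buf. */
    if (size > sizeof dst->buf) {
        return RX_ERR_TOO_LONG;
    }
    memcpy(dst->buf, payload, size);
    dst->len = size;
    dst->body_len = (uint16_t)(size - MHDR_LEN - MIC_LEN);
    return RX_OK;
}

int main(void)
{
    static const uint8_t sample[300] = { 0x40 }; /* constructed sample frame */
    rx_frame_t frame = { 0 };
    printf("300 bytes -> %d\n", rx_store_frame(&frame, sample, (uint16_t)sizeof sample));
    printf("12 bytes  -> %d\n", rx_store_frame(&frame, sample, 12));
    return 0;
}
```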

Patches

Commit e3063a9 fixes this vulnerability and is available on the develop and feature/5.0.0 branches.
The fix will be released with version 4.4.4.

Workarounds

Patch earlier versions with the changes provided by commit e3063a9.

References

N/A

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2020-11068

Weaknesses

No CWEs

Credits