74 matches found
CVE-2026-27703
RIOT OS contains a vulnerability in the default handler for the well_known_core COAP resource (coap_well_known_core_default_handler) where unvalidated user-provided data is copied into a fixed-size buffer, enabling stack corruption and potentially arbitrary code execution or denial of service. Af...
EUVD-2026-11305
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource (coap_well_known_core_default_handler) writes user-provided option data and...
CVE-2026-27703 RIOT has an Out-of-Bounds Write in nanoCoAP Handler
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource (coap_well_known_core_default_handler) writes user-provided option data and...
RIOT Buffer Error Vulnerability
RIOT is an open-source operating system designed for the Internet of Things. Versions of RIOT prior to 2026.01 contain a buffer error vulnerability. This vulnerability stems from insufficient validation of buffer boundaries, which could allow attackers to corrupt adjacent stack locations, resulti...
PT-2026-24801
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource (coap_well_known_core_default_handler) writes user-provided option...
CVE-2026-25139
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds reads allow any unauthenticated user, with ability to send or manipulate input packets, to...
CVE-2026-25139 RIOT Vulnerable to Multiple Out-of-Bounds Read When Processing Received 6LoWPAN SFR Fragments
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds reads allow any unauthenticated user, with ability to send or manipulate input packets, to...
CVE-2026-25139 RIOT Vulnerable to Multiple Out-of-Bounds Read When Processing Received 6LoWPAN SFR Fragments
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds reads allow any unauthenticated user, with ability to send or manipulate input packets, to...
CVE-2026-25139
RIOT OS vulnerable to multiple out-of-bounds reads in 6LoWPAN processing for version 2025.10 and prior. An unauthenticated attacker who can send/manipulate input packets can read adjacent memory or crash the device because the received packet is cast into a sixlowpan_sfr_rfrag_t struct and derefe...
EUVD-2026-5374
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds reads allow any unauthenticated user, with ability to send or manipulate input packets, to...
RIOT Buffer Error Vulnerability
RIOT is an open-source operating system designed for the Internet of Things. Versions of RIOT prior to 2025.10 contain a buffer error vulnerability. This vulnerability stems from multiple out-of-bounds read vulnerabilities, which may lead to reading adjacent memory locations or causing device...
PT-2026-6269
Name of the Vulnerable Software and Affected Versions: RIOT versions 2025.10 and prior. Description: The RIOT operating system, designed for IoT and embedded devices, contains an issue where out-of-bounds read operations can occur. An unauthenticated user capable of sending or manipulating input...
CVE-2026-22214
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the handlechar function, where incoming frame bytes are appended t...
CVE-2026-22214
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the handlechar function, where incoming frame bytes are appended t...
RIOT OS Security Vulnerability
RIOT OS is an IoT operating system from RIOT Open Source. A security vulnerability exists in RIOT OS version 2026.01-devel-317 and earlier, which stems from a lack of boundary checking when the ethos tool handles serial frame data, which could lead to memory corruption and application crashes...
PT-2026-2322
Name of the Vulnerable Software and Affected Versions: RIOT OS versions up to and including 2026.01-devel-317. Description: RIOT OS versions up to and including 2026.01-devel-317 have a stack-based buffer overflow issue in the tapslip6 utility. This is due to unsafe string concatenation within the...
CVE-2021-41061
In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154security component allows attackers to break encryption by triggering reboots...
CVE-2025-66647 RIOT OS has buffer overflow in gnrc_ipv6_ext_frag_reass
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first...
EUVD-2025-203946
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first...
CVE-2025-66647 RIOT OS has buffer overflow in gnrc_ipv6_ext_frag_reass
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first...