79 matches found
CVE-2025-66647 RIOT OS has buffer overflow in gnrc_ipv6_ext_frag_reass
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first...
CVE-2025-66646
CVE-2025-66646 affects RIOT OS, specifically in the IPv6 fragmentation reassembly (gnrc_ipv6_ext_frag). When a fragmented IPv6 packet with fragment offset 0 and an empty payload is processed, the payload pointer is set to NULL but the code still copies into the reassembly buffer, causing a NULL p...
PT-2025-51894
Name of the Vulnerable Software and Affected Versions RIOT versions prior to 2025.10 Description RIOT OS, designed for IoT and embedded devices, contains a flaw in its IPv6 fragmentation reassembly process. Specifically, the implementation lacks a size check when copying the first fragment offset...
EUVD-2021-18547
Malware in sbrugna...
EUVD-2021-18549
Malware in sbrugna...
EUVD-2023-28811
Malicious code in bioql PyPI...
EUVD-2024-29856
Malicious code in bioql PyPI...
EUVD-2024-52226
Malicious code in bioql PyPI...
RIOT 安全漏洞
RIOT is RIOT's open source set of operating systems for applications in the Internet of Things IoT space. A security vulnerability exists in RIOT version 2025.04 and earlier, which stems from an invalid size check and could lead to a buffer overflow...
CVE-2024-31225
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The onrdinit function does not implement a size check before copying data to the resultbuf static buffer. If an attacker can craft a long enough...
CVE-2024-53980
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. A malicious actor can send a IEEE 802.15.4 packet with spoofed length byte and optionally spoofed FCS, which eventually results into an endless...
CVE-2023-24818
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an...
CVE-2024-52802
RIOT is an operating system for internet of things IoT devices. In version 2024.04 and prior, the function parseadvertise, located in /sys/net/applicationlayer/dhcpv6/client.c, has no minimum header length check for dhcpv6optt after processing dhcpv6msgt. This omission could lead to an out-of-bou...
CVE-2024-32017
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the gcoapdnsserverproxyget function contains a small typo that may lead to a buffer overflow in the subsequent strcpy. In detail, t...
CVE-2024-32018
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted...
CVE-2024-52802
RIOT is an operating system for internet of things IoT devices. In version 2024.04 and prior, the function parseadvertise, located in /sys/net/applicationlayer/dhcpv6/client.c, has no minimum header length check for dhcpv6optt after processing dhcpv6msgt. This omission could lead to an out-of-bou...
RIOT 缓冲区错误漏洞
RIOT is RIOT's open source set of operating systems for applications in the Internet of Things IoT space. A buffer error vulnerability exists in RIOT 2024.04 and prior versions that stems from the lack of a minimum header length check, which could lead to remote reading and thus system...
CVE-2024-32017 Buffer overflows in RIOT
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the gcoapdnsserverproxyget function contains a small typo that may lead to a buffer overflow in the subsequent strcpy. In detail, t...
CVE-2024-31225 Lack of size check and buffer overflow in RIOT
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The onrdinit function does not implement a size check before copying data to the resultbuf static buffer. If an attacker can craft a long enough...
RIOT RIOT-OS 缓冲区错误漏洞
RIOT RIOT-OS is an operating system for applications in the Internet of Things IoT space. A security vulnerability exists in RIOT RIOT-OS that stems from a lack of proper input checking and may result in a RIOT buffer overflow via assert...