Lucene search
K

79 matches found

OSV
OSV
added 2025/12/17 8:21 p.m.10 views

CVE-2025-66647 RIOT OS has buffer overflow in gnrc_ipv6_ext_frag_reass

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first...

6.3CVSS7.9AI score0.00817EPSS
Exploits1References8
CVE
CVE
added 2025/12/17 7:18 p.m.16 views

CVE-2025-66646

CVE-2025-66646 affects RIOT OS, specifically in the IPv6 fragmentation reassembly (gnrc_ipv6_ext_frag). When a fragmented IPv6 packet with fragment offset 0 and an empty payload is processed, the payload pointer is set to NULL but the code still copies into the reassembly buffer, causing a NULL p...

7.5CVSS6.6AI score0.00571EPSS
Exploits1References10Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.8 views

PT-2025-51894

Name of the Vulnerable Software and Affected Versions RIOT versions prior to 2025.10 Description RIOT OS, designed for IoT and embedded devices, contains a flaw in its IPv6 fragmentation reassembly process. Specifically, the implementation lacks a size check when copying the first fragment offset...

9.8CVSS8AI score0.00817EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-18547

Malware in sbrugna...

7.5CVSS7.6AI score0.01345EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-18549

Malware in sbrugna...

7.5CVSS7.6AI score0.01345EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-28811

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00635EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-29856

Malicious code in bioql PyPI...

9CVSS6.6AI score0.01466EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-52226

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00726EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/07/18 12:0 a.m.6 views

RIOT 安全漏洞

RIOT is RIOT's open source set of operating systems for applications in the Internet of Things IoT space. A security vulnerability exists in RIOT version 2025.04 and earlier, which stems from an invalid size check and could lead to a buffer overflow...

9.8CVSS6.9AI score0.00714EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 7:46 a.m.8 views

CVE-2024-31225

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The onrdinit function does not implement a size check before copying data to the resultbuf static buffer. If an attacker can craft a long enough...

9CVSS8.2AI score0.01237EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:14 a.m.6 views

CVE-2024-53980

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. A malicious actor can send a IEEE 802.15.4 packet with spoofed length byte and optionally spoofed FCS, which eventually results into an endless...

7.5CVSS7AI score0.00726EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:13 a.m.3 views

CVE-2023-24818

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an...

7.5CVSS6.9AI score0.01212EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:18 p.m.13 views

CVE-2024-52802

RIOT is an operating system for internet of things IoT devices. In version 2024.04 and prior, the function parseadvertise, located in /sys/net/applicationlayer/dhcpv6/client.c, has no minimum header length check for dhcpv6optt after processing dhcpv6msgt. This omission could lead to an out-of-bou...

7.5CVSS6.8AI score0.00728EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:6 a.m.8 views

CVE-2024-32017

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the gcoapdnsserverproxyget function contains a small typo that may lead to a buffer overflow in the subsequent strcpy. In detail, t...

9.8CVSS8.3AI score0.01476EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:1 a.m.11 views

CVE-2024-32018

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted...

9CVSS8.2AI score0.01466EPSS
Exploits2References1
NVD
NVD
added 2024/11/22 4:15 p.m.17 views

CVE-2024-52802

RIOT is an operating system for internet of things IoT devices. In version 2024.04 and prior, the function parseadvertise, located in /sys/net/applicationlayer/dhcpv6/client.c, has no minimum header length check for dhcpv6optt after processing dhcpv6msgt. This omission could lead to an out-of-bou...

7.5CVSS0.00728EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.5 views

RIOT 缓冲区错误漏洞

RIOT is RIOT's open source set of operating systems for applications in the Internet of Things IoT space. A buffer error vulnerability exists in RIOT 2024.04 and prior versions that stems from the lack of a minimum header length check, which could lead to remote reading and thus system...

7.5CVSS6.8AI score0.00728EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/01 6:14 a.m.22 views

CVE-2024-32017 Buffer overflows in RIOT

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the gcoapdnsserverproxyget function contains a small typo that may lead to a buffer overflow in the subsequent strcpy. In detail, t...

9.8CVSS8.3AI score0.01476EPSS
Exploits2References5
OSV
OSV
added 2024/05/01 6:13 a.m.4 views

CVE-2024-31225 Lack of size check and buffer overflow in RIOT

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The onrdinit function does not implement a size check before copying data to the resultbuf static buffer. If an attacker can craft a long enough...

8.3CVSS8.1AI score0.01237EPSS
Exploits2References6
CNNVD
CNNVD
added 2024/05/01 12:0 a.m.2 views

RIOT RIOT-OS 缓冲区错误漏洞

RIOT RIOT-OS is an operating system for applications in the Internet of Things IoT space. A security vulnerability exists in RIOT RIOT-OS that stems from a lack of proper input checking and may result in a RIOT buffer overflow via assert...

9CVSS7.2AI score0.01466EPSS
Exploits2References4
Rows per page
Query Builder