103 matches found
CVE-2021-27357
RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c...
EUVD-2021-14440
Malware in sbrugna...
EUVD-2021-18550
Malware in sbrugna...
EUVD-2021-14117
Malware in sbrugna...
EUVD-2023-28812
Malicious code in bioql PyPI...
EUVD-2023-38100
Malicious code in bioql PyPI...
EUVD-2023-38099
Malicious code in bioql PyPI...
EUVD-2023-28816
Malicious code in bioql PyPI...
EUVD-2023-28815
Malicious code in bioql PyPI...
EUVD-2023-28819
Malicious code in bioql PyPI...
CVE-2025-53888
RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with assert that can lead to a buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds. If assertions are the only defense against...
CVE-2025-53888 RIOT-OS has an ineffective size check that can lead to buffer overflow in link layer address filter /sys/net/link_layer/l2filter/l2filter.c
RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with assert that can lead to a buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds. If assertions are the only defense against...
CVE-2023-24823
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header...
CVE-2024-52802 RIOT-OS missing dhcpv6_opt_t minimum header length check
RIOT is an operating system for Internet of Things (IoT) devices. In version 2024.04 and prior, the function _parse_advertise, located in /sys/net/application_layer/dhcpv6/client.c, has no minimum header length check for dhcpv6_opt_t after processing dhcpv6_msg_t. This omission could lead to an out-of-bou...
CVE-2023-33975
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out-of-bounds write in the packet buffer. The overflow can be used...
Design/Logic Flaw
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out-of-bounds write in the packet buffer. The overflow can be used...
CVE-2023-33974
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions...
CVE-2023-33973
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference...
CVE-2023-24826
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issu...