Riot-os Riot

10 matches found

CVE
added 2023/04/24 3:15 p.m., 109 views

CVE-2023-24819

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used...

CVSS 9.8, AI score 9.8, EPSS 0.00392

CVE
added 2022/05/03 9:15 p.m., 62 views

CVE-2021-27427

RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

CVSS 9.8, AI score 8.7, EPSS 0.02114

CVE
added 2020/07/07 5:15 p.m., 54 views

CVE-2020-15350

RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded...

CVSS 9.8, AI score 9.6, EPSS 0.00459

CVE
added 2024/05/01 7:15 a.m., 49 views

CVE-2024-32017

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the gcoap_dns_server_proxy_get() function contains a small typo that may lead to a buffer overflow in the subsequent strcpy(). In det...

CVSS 9.8, AI score 9.9, EPSS 0.00187

CVE
added 2023/05/30 6:15 p.m., 42 views

CVE-2023-33975

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used...

CVSS 9.8, AI score 9.6, EPSS 0.00349

CVE
added 2019/02/04 9:29 p.m., 37 views

CVE-2019-1000006

RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via network connectivity...

CVSS 9.8, AI score 9.4, EPSS 0.00385

CVE
added 2021/04/06 1:15 p.m., 36 views

CVE-2021-27698

RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function.

CVSS 9.8, AI score 9.6, EPSS 0.00459

CVE
added 2021/04/06 1:15 p.m., 35 views

CVE-2021-27357

RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c.

CVSS 9.8, AI score 9.6, EPSS 0.00459

CVE
added 2021/04/06 1:15 p.m., 25 views

CVE-2021-27697

RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function.

CVSS 9.8, AI score 9.6, EPSS 0.00459

CVE
added 2023/04/24 4:15 p.m., 24 views

CVE-2023-24823

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header. Thi...

CVSS 9.8, AI score 9.8, EPSS 0.00458