CVE-2026-22213

Low CVSS: 2.4

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. The utility uses strcpy() and strcat() to concatenate the fixed prefix '/dev/' with a user-supplied device name provided via the -s command-line option without bounds checking. This allows an attacker to supply an excessively long device name and overflow a fixed-size stack buffer, leading to process crashes and memory corruption.

Vendor

Riot-os

Product

Riot

CWE

CWE-121

Yayın Tarihi

2026-01-12 23:15:52

Güncelleme

2026-01-21 17:44:38

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-121 Riot LOW Riot-os 2026

Referanslar

https://github.com/RIOT-OS/RIOT https://seclists.org/fulldisclosure/2026/Jan/15 https://www.riot-os.org/ https://www.vulncheck.com/advisories/riot-os-stack-based-buffer-overflow-in-tapslip6-utility

Benzer Kayıtlar

High

CVE-2026-27703

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT)…

High

CVE-2026-25139

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT)…

Medium

CVE-2026-22214

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos…

Low

CVE-2025-66647

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT)…

Low

CVE-2025-66646

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT)…

Medium

CVE-2025-53888

RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `a…