📦 Riot
by Riot Os
⚠️ Known Vulnerabilities
CVE-2026-25139 is an out-of-bounds read vulnerability in RIOT OS's 6LoWPAN stack that allows unauthenticated attackers to read adjacent memory or crash IoT devices by sending specially crafted packets...
A buffer overflow vulnerability in RIOT OS's IPv6 fragmentation reassembly allows attackers to corrupt memory by sending specially crafted IPv6 packets. This affects IoT devices running RIOT OS with t...
RIOT-OS versions up to 2025.04 have a buffer overflow vulnerability in the l2filter_add() function where assertions are used for input validation instead of proper checks. When assertions are disabled...
CVE-2024-32017 is a critical buffer overflow vulnerability in RIOT OS's CoAP implementation affecting gcoap_dns_server_proxy_get() and _gcoap_forward_proxy_copy_options() functions. The vulnerability ...
CVE-2023-33975 is a critical memory corruption vulnerability in RIOT-OS's 6LoWPAN network stack that allows remote attackers to execute arbitrary code or cause denial of service via crafted network fr...
CVE-2023-24823 is a critical memory corruption vulnerability in RIOT-OS's 6LoWPAN network stack that allows type confusion between IPv6 extension headers and UDP headers. This leads to out-of-bounds w...
CVE-2023-24819 is a critical buffer overflow vulnerability in RIOT-OS's 6LoWPAN network stack that allows remote attackers to execute arbitrary code or cause denial of service. It affects IoT devices ...
CVE-2021-27357 is a buffer overflow vulnerability in RIOT-OS's RPL routing protocol implementation that allows remote attackers to execute arbitrary code or cause denial of service. This affects devic...
CVE-2021-27698 is a critical buffer overflow vulnerability in RIOT-OS's RPL routing protocol implementation that allows remote code execution. Attackers can exploit this by sending specially crafted R...
A NULL pointer dereference vulnerability in RIOT OS's IPv6 fragmentation reassembly allows remote attackers to crash the operating system by sending specially crafted IPv6 packets. This affects IoT an...
This vulnerability in RIOT OS allows remote attackers to cause a denial-of-service condition on CC2538-based IoT devices by sending specially crafted IEEE 802.15.4 packets. The flaw causes the device ...
This vulnerability in RIOT OS allows attackers to trigger out-of-bounds memory reads by sending malformed DHCPv6 packets to IoT devices. The lack of header length validation in DHCPv6 client functions...
CVE-2024-31225 is a buffer overflow vulnerability in RIOT OS's _on_rd_init() function that lacks bounds checking when copying data to a static buffer. This allows attackers to potentially execute arbi...
CVE-2023-33973 is a NULL pointer dereference vulnerability in RIOT-OS's 6LoWPAN network stack that allows remote attackers to crash IoT devices by sending specially crafted frames. This leads to denia...
CVE-2023-24817 is an integer underflow vulnerability in RIOT-OS's 6LoWPAN network stack that allows attackers to send crafted frames causing out-of-bounds memory access. This can corrupt packet buffer...
CVE-2023-24822 is a NULL pointer dereference vulnerability in RIOT-OS's 6LoWPAN network stack that allows attackers to cause denial of service by sending crafted frames. When exploited, it triggers a ...
CVE-2023-24818 is a NULL pointer dereference vulnerability in RIOT-OS's 6LoWPAN network stack that allows attackers to cause denial of service by sending crafted fragmented frames. The vulnerability a...
CVE-2021-31661 is a buffer overflow vulnerability in RIOT-OS that could allow attackers to read beyond allocated memory boundaries, potentially exposing sensitive information. This affects RIOT-OS 202...
This buffer overflow vulnerability in RIOT-OS allows attackers to read beyond allocated memory boundaries, potentially exposing sensitive information like cryptographic keys or system data. It affects...