Riot-os

Riot

39 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2026-25139

Exploit
  • EPSS 0.13%
  • Veröffentlicht 04.02.2026 17:47:00
  • Zuletzt bearbeitet 20.02.2026 17:08:42

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds read allow any unauthenticated user, with...

9.8

CVE-2026-22214

Exploit
  • EPSS 0.06%
  • Veröffentlicht 12.01.2026 23:03:23
  • Zuletzt bearbeitet 21.01.2026 17:43:51

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() ...

9.8

CVE-2026-22213

Exploit
  • EPSS 0.05%
  • Veröffentlicht 12.01.2026 23:03:05
  • Zuletzt bearbeitet 21.01.2026 17:44:38

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path u...

9.8

CVE-2025-66647

Exploit
  • EPSS 0.54%
  • Veröffentlicht 17.12.2025 20:21:13
  • Zuletzt bearbeitet 22.01.2026 16:30:35

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS ...

7.5

CVE-2025-66646

Exploit
  • EPSS 0.23%
  • Veröffentlicht 17.12.2025 19:18:08
  • Zuletzt bearbeitet 22.01.2026 16:22:00

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS ...

9.8

CVE-2025-53888

Exploit
  • EPSS 0.21%
  • Veröffentlicht 18.07.2025 15:32:15
  • Zuletzt bearbeitet 11.09.2025 19:39:31

RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` can lead to buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production bu...

7.5

CVE-2024-53980

Exploit
  • EPSS 0.55%
  • Veröffentlicht 29.11.2024 19:15:09
  • Zuletzt bearbeitet 05.09.2025 13:57:24

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send a IEEE 802.15.4 packet with spoofed length byte and optionally spoo...

7.5

CVE-2024-52802

Exploit
  • EPSS 0.4%
  • Veröffentlicht 22.11.2024 16:15:34
  • Zuletzt bearbeitet 04.09.2025 23:42:07

RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after proc...

9

CVE-2024-32017

Exploit
  • EPSS 1.62%
  • Veröffentlicht 01.05.2024 07:15:39
  • Zuletzt bearbeitet 04.09.2025 19:37:00

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the `gcoap_dns_server_proxy_get()` function contains a small typo that may lead to a...

9

CVE-2024-32018

Exploit
  • EPSS 2.2%
  • Veröffentlicht 01.05.2024 07:15:39
  • Zuletzt bearbeitet 05.09.2025 13:17:46

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are...