VYPR

Riot

by Riot OS

Source repositories

CVEs (38)

  • CVE-2023-24821Apr 24, 2023
    risk 0.00cvss epss 0.01

    RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet…

  • CVE-2023-24820Apr 24, 2023
    risk 0.00cvss epss 0.01

    RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create…

  • CVE-2023-24819Apr 24, 2023
    risk 0.00cvss epss 0.01

    RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The…

  • CVE-2023-24818Apr 24, 2023
    risk 0.00cvss epss 0.01

    RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of…

  • CVE-2021-27427May 3, 2022
    risk 0.00cvss epss 0.02

    RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

  • CVE-2021-41061Sep 15, 2021
    risk 0.00cvss epss 0.00

    In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption by triggering reboots.

  • CVE-2021-31660Jun 18, 2021
    risk 0.00cvss epss 0.01

    RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.

  • CVE-2021-31662Jun 18, 2021
    risk 0.00cvss epss 0.01

    RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information.

  • CVE-2021-31663Jun 18, 2021
    risk 0.00cvss epss 0.02

    RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information.

  • CVE-2021-31664Jun 18, 2021
    risk 0.00cvss epss 0.01

    RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.

  • CVE-2021-27698Apr 6, 2021
    risk 0.00cvss epss 0.01

    RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function.

  • CVE-2021-27697Apr 6, 2021
    risk 0.00cvss epss 0.01

    RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function.

  • CVE-2021-27357Apr 6, 2021
    risk 0.00cvss epss 0.01

    RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c.

  • CVE-2020-15350Jul 7, 2020
    risk 0.00cvss epss 0.01

    RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates…

  • CVE-2019-17389Oct 9, 2019
    risk 0.00cvss epss 0.01

    In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted.

  • CVE-2019-16754Sep 24, 2019
    risk 0.00cvss epss 0.01

    RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT…

  • CVE-2019-15702Aug 27, 2019
    risk 0.00cvss epss 0.01

    In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option.

  • CVE-2019-1000006Feb 4, 2019
    risk 0.00cvss epss 0.02

    RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via…

Page 2 of 2