VYPR
Vendor: Riot OS

Products: 1
CVEs: 38
Across products: 38
Status: Private

Recent CVEs (38)

  • CVE-2026-27703 (Mar 11, 2026)
    risk 0.00 | cvss | epss 0.00

    RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource, `coap_well_known_core_default_handler`, writes…

  • CVE-2026-25139 (Feb 4, 2026)
    risk 0.00 | cvss | epss 0.00

    RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds reads allow any unauthenticated user, with the ability to send or…

  • CVE-2026-22214 (Jan 12, 2026)
    risk 0.00 | cvss | epss 0.00

    RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming…

  • CVE-2026-22213 (Jan 12, 2026)
    risk 0.00 | cvss | epss 0.00

    RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded…

  • CVE-2025-66647 (Dec 17, 2025)
    risk 0.00 | cvss | epss 0.01

    RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the…

  • CVE-2025-66646 (Dec 17, 2025)
    risk 0.00 | cvss | epss 0.01

    RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When receiving an…

  • CVE-2025-53888 (Jul 18, 2025)
    risk 0.00 | cvss | epss 0.01

    In RIOT-OS, an operating system that supports Internet of Things devices, an ineffective size check implemented with `assert()` can lead to a buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds. If assertions are the…

  • CVE-2024-53980 (Nov 29, 2024)
    risk 0.00 | cvss | epss 0.01

    RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send an IEEE 802.15.4 packet with a spoofed length byte and optionally a spoofed FCS, which eventually…

  • CVE-2024-52802 (Nov 22, 2024)
    risk 0.00 | cvss | epss 0.01

    RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processing `dhcpv6_msg_t`. This…

  • CVE-2024-32018 (May 1, 2024)
    risk 0.00 | cvss | epss 0.01

    RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense…

  • CVE-2024-32017 (May 1, 2024)
    risk 0.00 | cvss | epss 0.01

    RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the `gcoap_dns_server_proxy_get()` function contains a small typo that may lead to a buffer overflow in the…

  • CVE-2024-31225 (May 1, 2024)
    risk 0.00 | cvss | epss 0.01

    RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The `_on_rd_init()` function does not implement a size check before copying data to the `_result_buf` static buffer. If an attacker…

  • CVE-2023-33975 (May 30, 2023)
    risk 0.00 | cvss | epss 0.01

    RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The…

  • CVE-2023-33974 (May 30, 2023)
    risk 0.00 | cvss | epss 0.01

    RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition…

  • CVE-2023-33973 (May 30, 2023)
    risk 0.00 | cvss | epss 0.01

    RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL…

  • CVE-2023-24826 (May 30, 2023)
    risk 0.00 | cvss | epss 0.01

    RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial…

  • CVE-2023-24825 (May 30, 2023)
    risk 0.00 | cvss | epss 0.01

    RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of…

  • CVE-2023-24817 (May 30, 2023)
    risk 0.00 | cvss | epss 0.01

    RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the…

  • CVE-2023-24823 (Apr 24, 2023)
    risk 0.00 | cvss | epss 0.01

    RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers…

  • CVE-2023-24822 (Apr 24, 2023)
    risk 0.00 | cvss | epss 0.01

    RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a…