Riot-Os Riot vulnerabilities
40 known vulnerabilities affecting riot-os/riot.
Total CVEs: 40
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 18, HIGH 20, MEDIUM 2
Vulnerabilities
Page 1 of 2
CVE-2025-66647 | P2 | CRITICAL | CWE-120 | CVSS 9.8 | fixed in 2025.10 | v2025.10 | 2025-12-17
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first fragment (offset=0) into the reassembly buffer, no
nvd
CVE-2026-22213 | P2 | CRITICAL | CWE-121 | CVSS 9.8 | fixed in 2025.10 | v2026.01 | 2026-01-12
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. The utility uses strcpy() and strcat() to concatenate the fix
nvd
CVE-2026-22214 | P2 | CRITICAL | CWE-121 | CVSS 9.8 | fixed in 2025.10 | v2026.01 | 2026-01-12
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming frame bytes are appended to a fixed-size stack buffer without verifying th
nvd
CVE-2023-33975 | P2 | CRITICAL | CWE-119 | CVSS 9.8 | ≤ 2023.01 | 2023-05-30
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metada
nvd
CVE-2025-53888 | P2 | CRITICAL | CWE-120 | CVSS 9.8 | ≤ 2025.04 | 2025-07-18
RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` that can lead to a buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds. If assertions are the only defense against untrusted inputs, the software may be exposed to a
nvd
CVE-2026-25139 | P3 | CRITICAL | CWE-125 | CVSS 9.1 | ≤ 2025.10 | 2026-02-04
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds reads allow any unauthenticated user with the ability to send or manipulate input packets to read adjacent memory locations, or crash a vulnera
nvd
CVE-2023-24819 | P3 | CRITICAL | CWE-131 | CVSS 9.8 | fixed in 2022.10 | 2023-04-24
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metada
nvd
CVE-2023-24823 | P3 | CRITICAL | CWE-787 | CVSS 9.8 | fixed in 2022.10 | 2023-04-24
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header. This occurs while encoding a 6LoWPAN IPHC header. The
nvd
CVE-2026-27703 | P3 | CRITICAL | CWE-787 | CVSS 9.8 | ≤ 2026.01 | 2026-03-11
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource coap_well_known_core_default_handler writes user-provided option data and other data into a fixed size buffer withou
nvd
CVE-2024-32018 | P3 | CRITICAL | CWE-120 | CVSS 9.0 | ≤ 2024.01 | 2024-05-01
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted input, the software may be exposed to attacks that leve
nvd
CVE-2024-31225 | P3 | CRITICAL | CWE-120 | CVSS 9.0 | fixed in 2024.01 | ≤ 2023.10 | 2024-05-01
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The `_on_rd_init()` function does not implement a size check before copying data to the `_result_buf` static buffer. If an attacker can craft a long enough payload, they could cause a buffer overflow.
nvd
CVE-2024-32017 | P3 | CRITICAL | CWE-120 | CVSS 9.0 | ≤ 2024.01 | 2024-05-01
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the `gcoap_dns_server_proxy_get()` function contains a small typo that may lead to a buffer overflow in the subsequent `strcpy()`. In detail, the length of the `_uri` string is checke
nvd
CVE-2019-1000006 | P3 | CRITICAL | CWE-787 | CVSS 9.8 | ≥ 2017.04, < 2018.10.1 | 2019-02-04
RIOT RIOT-OS versions after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contain a buffer overflow vulnerability in sock_dns, an implementation of the DNS protocol using the RIOT sock API, that can result in remote code execution. This attack appears to be exploitable via network connectivity.
nvd
CVE-2021-27427 | P3 | CRITICAL | CWE-190 | CVSS 9.8 | v2020.01.1 | 2022-05-03
RIOT OS version 2020.01.1 is vulnerable to an integer wrap-around in its implementation of the calloc function, which can lead to an arbitrary memory allocation, resulting in unexpected behavior such as a crash or remote code injection/execution.
nvd
CVE-2020-15350 | P3 | CRITICAL | CWE-119 | CVSS 9.8 | v2020.04 | 2020-07-07
RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded size with an arithmetic round-off error and does
nvd
CVE-2021-27697 | P3 | CRITICAL | CWE-120 | CVSS 9.8 | v2021.01 | 2021-04-06
RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function.
nvd
CVE-2021-27698 | P3 | CRITICAL | CWE-120 | CVSS 9.8 | v2021.01 | 2021-04-06
RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function.
nvd
CVE-2021-27357 | P3 | CRITICAL | CWE-120 | CVSS 9.8 | v2021.01 | 2021-04-06
RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c.
nvd
CVE-2025-66646 | P3 | HIGH | CWE-476 | CVSS 7.5 | fixed in 2025.10 | v2025.10 | 2025-12-17
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When receiving a fragmented IPv6 packet with fragment offset 0 and an empty payload, the pay
nvd
CVE-2023-24817 | P3 | HIGH | CWE-119 | CVSS 7.5 | fixed in 2023.04 | 2023-05-30
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer. Triggering the access at the right time will corrupt other
nvd