Riot-Os Riot vulnerabilities
40 known vulnerabilities affecting riot-os/riot.
Total CVEs
40
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL18HIGH20MEDIUM2
Vulnerabilities
Page 2 of 2
CVE-2023-33973P3HIGHCVSS 7.5≤ 2023.012023-05-30
CVE-2023-33973 [HIGH] CWE-476 CVE-2023-33973: RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference occurs. This crashes the device leading to denial of servi
nvd
CVE-2023-24820P3HIGHCVSS 7.5fixed in 2022.102023-04-24
CVE-2023-24820 [HIGH] CWE-191 CVE-2023-24820: RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard faul
nvd
CVE-2023-24821P3HIGHCVSS 7.5fixed in 2022.102023-04-24
CVE-2023-24821 [HIGH] CWE-191 CVE-2023-24821: RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last
nvd
CVE-2023-24826P3HIGHCVSS 7.5fixed in 2023.042023-05-30
CVE-2023-24826 [HIGH] CWE-824 CVE-2023-24826: RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issue is fixed in version 2023.04. As a workaround, disabl
nvd
CVE-2023-24818P3HIGHCVSS 7.5fixed in 2022.102023-04-24
CVE-2023-24818 [HIGH] CWE-476 CVE-2023-24818: RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NU
nvd
CVE-2023-24825P3HIGHCVSS 7.5fixed in 2023.042023-05-30
CVE-2023-24825 [HIGH] CWE-252 CVE-2023-24825: RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixed in version 2023.04. There are no known workarounds.
nvd
CVE-2024-52802P3HIGHCVSS 7.5≤ 2024.042024-11-22
CVE-2024-52802 [HIGH] CWE-20 CVE-2024-52802: RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the
RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processing `dhcpv6_msg_t`. This omission could lead to an out-of-bound read, causing system inconsistency. Ad
nvd
CVE-2024-53980P3HIGHCVSS 7.5≤ 2024.072024-11-29
CVE-2024-53980 [HIGH] CWE-835 CVE-2024-53980: RIOT is an open-source microcontroller operating system, designed to match the requirements of Inter
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send a IEEE 802.15.4 packet with spoofed length byte and optionally spoofed FCS, which eventually results into an endless loop on a CC2538 as receiver. Before PR #20998, the r
nvd
CVE-2023-24822P3HIGHCVSS 7.5fixed in 2022.102023-04-24
CVE-2023-24822 [HIGH] CWE-476 CVE-2023-24822: RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception
nvd
CVE-2021-31663P3HIGHCVSS 7.5v2021.012021-06-18
CVE-2021-31663 [HIGH] CWE-120 CVE-2021-31663: RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow wh
RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information.
nvd
CVE-2019-16754P3HIGHCVSS 7.5v2019.072019-09-24
CVE-2019-16754 [HIGH] CWE-476 CVE-2019-16754: RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potential
RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT's MQTT implementatio
nvd
CVE-2019-17389P3HIGHCVSS 7.5v2019.072019-10-09
CVE-2019-17389 [HIGH] CVE-2019-17389: In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read ope
In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted.
nvd
CVE-2021-31660P3HIGHCVSS 7.5v2021.012021-06-18
CVE-2021-31660 [HIGH] CWE-120 CVE-2021-31660: RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow wh
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.
nvd
CVE-2021-31662P3HIGHCVSS 7.5v2021.012021-06-18
CVE-2021-31662 [HIGH] CWE-120 CVE-2021-31662: RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow wh
RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information.
nvd
CVE-2021-31664P3HIGHCVSS 7.5v2021.012021-06-18
CVE-2021-31664 [HIGH] CWE-120 CVE-2021-31664: RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow wh
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
nvd
CVE-2021-31661P3HIGHCVSS 7.5v2021.012021-06-18
CVE-2021-31661 [HIGH] CWE-120 CVE-2021-31661: RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow th
RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information.
nvd
CVE-2019-15134P3HIGHCVSS 7.5≤ 2019.072019-08-17
CVE-2019-15134 [HIGH] CWE-401 CVE-2019-15134: RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attack
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN.
nvd
CVE-2019-15702P3HIGHCVSS 7.5≤ 2019.072019-08-27
CVE-2019-15702 [HIGH] CWE-835 CVE-2019-15702: In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not te
In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option.
nvd
CVE-2023-33974P4MEDIUMCVSS 5.9≤ 2023.012023-05-30
CVE-2023-33974 [MEDIUM] CWE-362 CVE-2023-33974: RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions about the program state and leads to an invalid memor
nvd
CVE-2021-41061P4MEDIUMCVSS 5.5v2021.012021-09-15
CVE-2021-41061 [MEDIUM] CWE-330 CVE-2021-41061: In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows a
In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption by triggering reboots.
nvd
← Previous2 / 2