Vulnerabilities > Riot OS

DATE CVE VULNERABILITY TITLE RISK
2021-04-06 CVE-2021-27697 Classic Buffer Overflow vulnerability in Riot-Os Riot 2021.01
RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function.
network
low complexity
riot-os CWE-120
critical
9.8
2021-04-06 CVE-2021-27357 Classic Buffer Overflow vulnerability in Riot-Os Riot 2021.01
RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c.
network
low complexity
riot-os CWE-120
critical
9.8
2020-07-07 CVE-2020-15350 Incorrect Calculation of Buffer Size vulnerability in Riot-Os Riot 2020.04
RIOT 2020.04 has a buffer overflow in the base64 decoder.
network
low complexity
riot-os CWE-131
critical
9.8
2019-10-09 CVE-2019-17389 Unspecified vulnerability in Riot-Os Riot 2019.07
In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket.
network
low complexity
riot-os
7.5
2019-09-24 CVE-2019-16754 NULL Pointer Dereference vulnerability in Riot-Os Riot 2019.07
RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT.
network
low complexity
riot-os CWE-476
7.5
2019-08-27 CVE-2019-15702 Infinite Loop vulnerability in Riot-Os Riot
In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option.
network
low complexity
riot-os CWE-835
7.5
2019-08-17 CVE-2019-15134 Memory Leak vulnerability in Riot-Os Riot
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working.
network
low complexity
riot-os CWE-401
7.5
2019-02-04 CVE-2019-1000006 Out-of-bounds Write vulnerability in Riot-Os Riot
RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing.
network
low complexity
riot-os CWE-787
critical
9.8