Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RIOT OS <= 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility
Vulnerability Description
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. The utility uses strcpy() and strcat() to concatenate the fixed prefix '/dev/' with a user-supplied device name provided via the -s command-line option without bounds checking. This allows an attacker to supply an excessively long device name and overflow a fixed-size stack buffer, leading to process crashes and memory corruption.
CVSS Information
N/A
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
RIOT OS 安全漏洞
Vulnerability Description
RIOT OS是RIOT开源的一个物联网操作系统。 RIOT OS 2026.01-devel-317及之前版本存在安全漏洞,该漏洞源于tapslip6工具中devopen函数缺少边界检查,可能导致进程崩溃和内存损坏。
CVSS Information
N/A
Vulnerability Type
N/A