Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RIOT OS <= 2026.01-devel-317 Stack-Based Buffer Overflow in ethos Serial Frame Parser
Vulnerability Description
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming frame bytes are appended to a fixed-size stack buffer without verifying that the current write index remains within bounds. An attacker capable of sending crafted serial or TCP-framed input can cause the current write index to exceed the buffer size, resulting in a write past the end of the stack buffer. This condition leads to memory corruption and application crash.
CVSS Information
N/A
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
RIOT OS 安全漏洞
Vulnerability Description
RIOT OS是RIOT开源的一个物联网操作系统。 RIOT OS 2026.01-devel-317及之前版本存在安全漏洞,该漏洞源于ethos工具处理串行帧数据时缺少边界检查,可能导致内存损坏和应用程序崩溃。
CVSS Information
N/A
Vulnerability Type
N/A