๐Ÿ” CVE Alert

CVE-2026-22213

UNKNOWN 0.0

RIOT OS <= 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility

CVSS Score
0.0
EPSS Score
0.1%
EPSS Percentile
16th

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. The utility uses strcpy() and strcat() to concatenate the fixed prefix '/dev/' with a user-supplied device name provided via the -s command-line option without bounds checking. This allows an attacker to supply an excessively long device name and overflow a fixed-size stack buffer, leading to process crashes and memory corruption.
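The strcpy()/strcat() pattern described above next to a bounded replacement, as an added example that is not RIOT's tapslip6 source. The function names and the 32-byte buffer size are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEV_PATH_MAX 32 /* assumed buffer size, for illustration only */

/* Pattern the advisory describes: fixed prefix plus unbounded input.
 * Any name longer than DEV_PATH_MAX - 6 bytes writes past the end of t.
 * Kept only for contrast; nothing in this example calls it. */
void build_path_unbounded(char *t, const char *name)
{
    strcpy(t, "/dev/");
    strcat(t, name);
}

/* Bounded form: returns 0 on success, -1 if the name is missing,
 * empty, or would not fit in the caller's buffer. */
int build_path_bounded(char *out, size_t outlen, const char *name)
{
    int n;

    if (out == NULL || outlen == 0 || name == NULL || name[0] == '\0')
        return -1;

    /* snprintf reports the length it wanted to write, so truncation
     * is detectable and can be treated as an error. */
    n = snprintf(out, outlen, "/dev/%s", name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0'; /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char path[DEV_PATH_MAX];
    const char *name = (argc > 1) ? argv[1] : "ttyUSB0"; /* constructed default */

    if (build_path_bounded(path, sizeof(path), name) != 0) {
        fprintf(stderr, "device name rejected (empty or too long)\n");
        return 1;
    }
    printf("%s\n", path);
    return 0;
}
```

Rejecting an over-long name outright, rather than opening a silently truncated path, keeps the utility from operating on a different device than the one requested.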

CWE CWE-121
Vendor riot
Product riot os
Published Jan 12, 2026
Last Updated May 14, 2026

Affected Versions

RIOT / RIOT OS
0 ≤ 2026.01-devel-317

References

seclists.org: https://seclists.org/fulldisclosure/2026/Jan/15
riot-os.org: https://www.riot-os.org/
github.com: https://github.com/RIOT-OS/RIOT
vulncheck.com: https://www.vulncheck.com/advisories/riot-os-stack-based-buffer-overflow-in-tapslip6-utility

Credits

Ron Edgerson