CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22213

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. The utility uses strcpy() and strcat() to concatenate the fixed prefix '/dev/' with a user-supplied device name provided via the -s command-line option without bounds checking. This allows an attacker to supply an excessively long device name and overflow a fixed-size stack buffer, leading to process crashes and memory corruption.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.6%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2026-22213

Riot-Os » Riot » Version: 2013.08

cpe:2.3:o:riot-os:riot:2013.08
Riot-Os » Riot » Version: 2014.01

cpe:2.3:o:riot-os:riot:2014.01
Riot-Os » Riot » Version: 2014.05

cpe:2.3:o:riot-os:riot:2014.05
Riot-Os » Riot » Version: 2014.12

cpe:2.3:o:riot-os:riot:2014.12
Riot-Os » Riot » Version: 2015.09

cpe:2.3:o:riot-os:riot:2015.09
Riot-Os » Riot » Version: 2015.12

cpe:2.3:o:riot-os:riot:2015.12
Riot-Os » Riot » Version: 2016.04

cpe:2.3:o:riot-os:riot:2016.04
Riot-Os » Riot » Version: 2016.07

cpe:2.3:o:riot-os:riot:2016.07
Riot-Os » Riot » Version: 2016.10

cpe:2.3:o:riot-os:riot:2016.10
Riot-Os » Riot » Version: 2017.01

cpe:2.3:o:riot-os:riot:2017.01
Riot-Os » Riot » Version: 2017.04

cpe:2.3:o:riot-os:riot:2017.04
Riot-Os » Riot » Version: 2017.07

cpe:2.3:o:riot-os:riot:2017.07
Riot-Os » Riot » Version: 2017.10

cpe:2.3:o:riot-os:riot:2017.10
Riot-Os » Riot » Version: 2018.01

cpe:2.3:o:riot-os:riot:2018.01
Riot-Os » Riot » Version: 2018.04

cpe:2.3:o:riot-os:riot:2018.04
Riot-Os » Riot » Version: 2018.07

cpe:2.3:o:riot-os:riot:2018.07
Riot-Os » Riot » Version: 2018.10

cpe:2.3:o:riot-os:riot:2018.10
Riot-Os » Riot » Version: 2018.10.1

cpe:2.3:o:riot-os:riot:2018.10.1
Riot-Os » Riot » Version: 2019.01

cpe:2.3:o:riot-os:riot:2019.01
Riot-Os » Riot » Version: 2019.04

cpe:2.3:o:riot-os:riot:2019.04
Riot-Os » Riot » Version: 2019.07

cpe:2.3:o:riot-os:riot:2019.07
Riot-Os » Riot » Version: 2019.10

cpe:2.3:o:riot-os:riot:2019.10
Riot-Os » Riot » Version: 2020.01

cpe:2.3:o:riot-os:riot:2020.01
Riot-Os » Riot » Version: 2020.01.1

cpe:2.3:o:riot-os:riot:2020.01.1
Riot-Os » Riot » Version: 2020.04

cpe:2.3:o:riot-os:riot:2020.04
Riot-Os » Riot » Version: 2021.01

cpe:2.3:o:riot-os:riot:2021.01
Riot-Os » Riot » Version: 2021.04

cpe:2.3:o:riot-os:riot:2021.04
Riot-Os » Riot » Version: 2021.07

cpe:2.3:o:riot-os:riot:2021.07
Riot-Os » Riot » Version: 2021.10

cpe:2.3:o:riot-os:riot:2021.10
Riot-Os » Riot » Version: 2022.01

cpe:2.3:o:riot-os:riot:2022.01
Riot-Os » Riot » Version: 2022.04

cpe:2.3:o:riot-os:riot:2022.04
Riot-Os » Riot » Version: 2022.07

cpe:2.3:o:riot-os:riot:2022.07
Riot-Os » Riot » Version: 2022.10

cpe:2.3:o:riot-os:riot:2022.10
Riot-Os » Riot » Version: 2023.01

cpe:2.3:o:riot-os:riot:2023.01
Riot-Os » Riot » Version: 2023.04

cpe:2.3:o:riot-os:riot:2023.04
Riot-Os » Riot » Version: 2023.07

cpe:2.3:o:riot-os:riot:2023.07
Riot-Os » Riot » Version: 2023.10

cpe:2.3:o:riot-os:riot:2023.10
Riot-Os » Riot » Version: 2024.01

cpe:2.3:o:riot-os:riot:2024.01
Riot-Os » Riot » Version: 2024.04

cpe:2.3:o:riot-os:riot:2024.04
Riot-Os » Riot » Version: 2024.07

cpe:2.3:o:riot-os:riot:2024.07
Riot-Os » Riot » Version: 2024.10

cpe:2.3:o:riot-os:riot:2024.10
Riot-Os » Riot » Version: 2025.01

cpe:2.3:o:riot-os:riot:2025.01
Riot-Os » Riot » Version: 2025.04

cpe:2.3:o:riot-os:riot:2025.04
Riot-Os » Riot » Version: 2025.07

cpe:2.3:o:riot-os:riot:2025.07
Riot-Os » Riot » Version: 2026.01

cpe:2.3:o:riot-os:riot:2026.01

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22213

Products

Pricing

Contact Us