CVE

CVE-2026-22214

CVE

CVE-2026-22214

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the handlechar() function, where incoming frame bytes are appended to a fixed-size stack buffer without verifying that the current write index remains within bounds. An attacker capable of sending crafted serial or TCP-framed input can cause the current write index to exceed the buffer size, resulting in a write past the end of the stack buffer. This condition leads to memory corruption and application crash.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

6.8

4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://www.riot-os.org/, https://seclists.org/fulldisclosure/2026/Jan/16, https://www.vulncheck.com/advisories/riot-os-stack-based-buffer-overflow-in-ethos-serial-frame-parser, https://github.com/RIOT-OS/RIOT, https://seclists.org/fulldisclosure/2026/Jan/16

Severity

9.8

CVSS Score

Basic Information

Ecosystem

Base CVSS

9.8

EPSS Probability

0.00058%

EPSS Percentile

0.18098%

Introduced Version

Fix Available

d271fc88a4edbaaaea097717aa1f118700cdbb63

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2026-22214

CVE-2026-22214

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

9.8

Basic Information

Fix Critical Vulnerabilities Instantly