CVE-2025-66647

Source
https://cve.org/CVERecord?id=CVE-2025-66647
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66647.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-66647
Aliases
  • GHSA-wh3v-q6vr-j79r
Published
2025-12-17T20:21:13.264Z
Modified
2026-03-13T03:42:20.729318Z
Severity
  • 1.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
Summary
RIOT OS has buffer overflow in gnrc_ipv6_ext_frag_reass
Details

RIOT is an open-source microcontroller operating system designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first fragment (offset=0) into the reassembly buffer, no size check is performed. It is possible to force the creation of a small reassembly buffer by first sending a shorter fragment (also with offset=0). Overflowing the reassembly buffer corrupts the state of other packet buffers, which an attacker might be able to use to achieve further memory corruption (potentially resulting in remote code execution). To trigger the vulnerability, the gnrc_ipv6_ext_frag module must be included and the attacker must be able to send arbitrary IPv6 packets to the victim. Version 2025.10 fixes the issue.

Database specific
{
    "cwe_ids": [
        "CWE-120"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66647.json"
}
References

Affected packages

Git / github.com/riot-os/riot

Affected ranges

Type
GIT
Repo
https://github.com/riot-os/riot
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2025.10"
        }
    ]
}

Affected versions

2013.*
2013.08
2014.*
2014.01
2014.05
2014.12
2015.*
2015.09-RC1
2015.12-RC1
2015.12-devel
2016.*
2016.03-devel
2016.04-RC1
2016.07-RC1
2016.07-RC2
2016.07-devel
2016.10-RC1
2016.10-devel
2017.*
2017.01-RC1
2017.01-devel
2017.04-RC1
2017.04-devel
2017.07-RC1
2017.07-devel
2017.10-RC1
2017.10-devel
2018.*
2018.01-RC1
2018.01-devel
2018.04-RC1
2018.04-devel
2018.07-RC1
2018.07-devel
2018.10-RC1
2018.10-devel
2019.*
2019.01-RC1
2019.01-devel
2019.04-RC1
2019.04-devel
2019.07-RC1
2019.07-devel
2019.10-RC1
2019.10-devel
2020.*
2020.01-RC1
2020.01-devel
2020.04-RC1
2020.04-devel
2020.07-RC1
2020.07-devel
2020.10-RC1
2020.10-devel
2021.*
2021.01-RC1
2021.01-devel
2021.04-RC1
2021.04-devel
2021.07-RC1
2021.07-devel
2021.10-RC1
2021.10-devel
2022.*
2022.01-RC1
2022.01-devel
2022.04-RC1
2022.04-devel
2022.07-RC1
2022.07-devel
2022.10-RC1
2022.10-devel
2023.*
2023.01-RC1
2023.01-devel
2023.04-RC1
2023.04-devel
2023.07-RC1
2023.07-devel
2023.10-RC1
2023.10-devel
2024.*
2024.01-RC1
2024.01-devel
2024.04
2024.04-RC1
2024.04-devel
2024.07-RC1
2024.07-devel
2024.10-RC1
2024.10-devel
2025.*
2025.01-RC1
2025.01-devel
2025.04-RC1
2025.04-devel
2025.07-devel

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66647.json"