CVE-2026-25139

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-25139

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25139.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-25139

Aliases

GHSA-c8fh-23qr-97mc

Published

2026-02-04T17:47:00.378Z

Modified

2026-03-10T14:47:24.340894Z

Severity

8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

RIOT Vulnerable to Multiple Out-of-Bounds Read When Processing Received 6LoWPAN SFR Fragments

Details

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds read allow any unauthenticated user, with ability to send or manipulate input packets, to read adjacent memory locations, or crash a vulnerable device running the 6LoWPAN stack. The received packet is cast into a sixlowpansfrrfrag_t struct and dereferenced without validating the packet is large enough to contain the struct object. At time of publication, no known patch exists.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25139.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-125"
    ]
}

References

Affected packages

Git / github.com/riot-os/riot

Affected ranges

Type

GIT

Repo

https://github.com/riot-os/riot

Events

Introduced

Last affected

d271fc88a4edbaaaea097717aa1f118700cdbb63

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2025.10"
        }
    ]
}

Affected versions

2013.*

2013.08

2014.*

2014.01

2014.05

2014.12

2015.*

2015.09-RC1

2015.12-RC1

2015.12-devel

2016.*

2016.03-devel

2016.04-RC1

2016.07-RC1

2016.07-RC2

2016.07-devel

2016.10-RC1

2016.10-devel

2017.*

2017.01-RC1

2017.01-devel

2017.04-RC1

2017.04-devel

2017.07-RC1

2017.07-devel

2017.10-RC1

2017.10-devel

2018.*

2018.01-RC1

2018.01-devel

2018.04-RC1

2018.04-devel

2018.07-RC1

2018.07-devel

2018.10-RC1

2018.10-devel

2019.*

2019.01-RC1

2019.01-devel

2019.04-RC1

2019.04-devel

2019.07-RC1

2019.07-devel

2019.10-RC1

2019.10-devel

2020.*

2020.01-RC1

2020.01-devel

2020.04-RC1

2020.04-devel

2020.07-RC1

2020.07-devel

2020.10-RC1

2020.10-devel

2021.*

2021.01-RC1

2021.01-devel

2021.04-RC1

2021.04-devel

2021.07-RC1

2021.07-devel

2021.10-RC1

2021.10-devel

2022.*

2022.01-RC1

2022.01-devel

2022.04-RC1

2022.04-devel

2022.07-RC1

2022.07-devel

2022.10-RC1

2022.10-devel

2023.*

2023.01-RC1

2023.01-devel

2023.04-RC1

2023.04-devel

2023.07-RC1

2023.07-devel

2023.10-RC1

2023.10-devel

2024.*

2024.01-RC1

2024.01-devel

2024.04

2024.04-RC1

2024.04-devel

2024.07-RC1

2024.07-devel

2024.10-RC1

2024.10-devel

2025.*

2025.01-RC1

2025.01-devel

2025.04-RC1

2025.04-devel

2025.07-RC1

2025.07-devel

2025.10-devel

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25139.json"