Nixpkgs security tracker

Dismissed

Permalink CVE-2026-25139

updated 2 months, 3 weeks ago by @LeSuisse Activity log

Created suggestion 2 months, 3 weeks ago
@LeSuisse ignored
3 packages
- aisleriot
- riot-redis
- superiotool
2 months, 3 weeks ago
@LeSuisse dismissed 2 months, 3 weeks ago

RIOT Vulnerable to Multiple Out-of-Bounds Read When Processing Received 6LoWPAN SFR Fragments

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds read allow any unauthenticated user, with ability to send or manipulate input packets, to read adjacent memory locations, or crash a vulnerable device running the 6LoWPAN stack. The received packet is cast into a sixlowpan_sfr_rfrag_t struct and dereferenced without validating the packet is large enough to contain the struct object. At time of publication, no known patch exists.

References

https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-c8fh-23qr-97mc x_refsource_CONFIRM

Affected products

RIOT

==<= 2025.10

Ignored packages (3)

pkgs.aisleriot

Collection of patience games written in guile scheme

nixos-unstable 3.22.35
- nixpkgs-unstable 3.22.35
- nixos-unstable-small 3.22.35
nixos-25.11 3.22.35
- nixos-25.11-small 3.22.35
- nixpkgs-25.11-darwin 3.22.35

pkgs.riot-redis

Get data in and out of Redis

nixos-unstable 2.19.0
- nixpkgs-unstable 2.19.0
- nixos-unstable-small 2.19.0
nixos-25.11 2.19.0
- nixos-25.11-small 2.19.0
- nixpkgs-25.11-darwin 2.19.0

pkgs.superiotool

User-space utility to detect Super I/O of a mainboard and provide detailed information about the register contents of the Super I/O

nixos-unstable 25.12
- nixpkgs-unstable 25.12
- nixos-unstable-small 25.12
nixos-25.11 25.09
- nixos-25.11-small 25.09
- nixpkgs-25.11-darwin 25.09

Not present in nixpkgs

Suggestion detail

References

Affected products

pkgs.aisleriot

pkgs.riot-redis

pkgs.superiotool