Untriaged
CVE-2026-27703
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): HIGH
- Availability impact (A): NONE
RIOT has an Out-of-Bounds Write in nanoCoAP Handler
RIOT is an open-source microcontroller operating system designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource, coap_well_known_core_default_handler, writes user-provided option data and other data into a fixed-size buffer without validating that the buffer is large enough to hold the response. This vulnerability allows an attacker to corrupt neighboring stack locations, including security-sensitive addresses such as the return address, leading to denial of service or arbitrary code execution.
References
- https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-qgj4-9jff-93cj
Affected products
RIOT
- <= 2026.01
Matching in nixpkgs
pkgs.aisleriot
Collection of patience games written in guile scheme
pkgs.riot-redis
Get data in and out of Redis
Package maintainers
- @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
- @jtojnar Jan Tojnar <jtojnar@gmail.com>
- @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
- @bobby285271 Bobby Rong <rjl931189261@126.com>
- @wesnel Wesley Nelson <wgn@wesnel.dev>
- @felixsinger Felix Singer <felixsinger@posteo.net>
- @jmbaur Jared Baur <jaredbaur@fastmail.com>