RIOT OS Out-of-Bounds Read Vulnerability in 6LoWPAN Stack Allowing Memory Access or Device Crash

Vulnerability

In RIOT OS versions through 2025.10, a vulnerability exists in the 6LoWPAN stack that allows out-of-bounds read operations. This issue can be exploited by any unauthenticated user who can send or manipulate input packets. The vulnerability arises because received packets are improperly validated before being processed, leading to potential access of adjacent memory locations or causing a crash on the affected device.

Impact

Exploitation of this vulnerability can result in unauthorized access to sensitive data in adjacent memory or cause a device crash, particularly on architectures with strict memory access requirements, leading to a denial-of-service condition.
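The advisory does not say which 6LoWPAN header is affected, so the following added example (not RIOT's code) illustrates the class of fix using the RFC 4944 fragment header: check the received length before reading any field, and read multi-byte fields byte-wise so that strict-alignment architectures do not fault. The names `frag_hdr` and `parse_frag_hdr` are hypothetical, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 4944 fragment dispatch: top 5 bits of the first byte. */
#define DISP_MASK  0xF8u
#define DISP_FRAG1 0xC0u /* 11000xxx, 4-byte header */
#define DISP_FRAGN 0xE0u /* 11100xxx, 5-byte header */

struct frag_hdr {            /* hypothetical type for this example */
    uint16_t datagram_size;  /* 11-bit size of the whole datagram */
    uint16_t datagram_tag;
    uint16_t offset;         /* in bytes; 0 for FRAG1 */
    size_t   hdr_len;
};

/* Returns 0 on success, -1 if the frame is not a well-formed fragment. */
int parse_frag_hdr(const uint8_t *buf, size_t len, struct frag_hdr *out)
{
    size_t need;

    if (buf == NULL || out == NULL || len < 1)
        return -1;
    switch (buf[0] & DISP_MASK) {
    case DISP_FRAG1: need = 4; break;
    case DISP_FRAGN: need = 5; break;
    default: return -1;
    }
    if (len < need)          /* length check before reading buf[1..] */
        return -1;
    /* Byte-wise big-endian reads: no uint16_t* cast, so no unaligned load. */
    out->datagram_size = (uint16_t)(((buf[0] & 0x07u) << 8) | buf[1]);
    out->datagram_tag  = (uint16_t)((buf[2] << 8) | buf[3]);
    out->offset        = (need == 5) ? (uint16_t)(buf[4] * 8u) : 0;
    out->hdr_len       = need;
    /* The carried payload must fit inside the declared datagram. */
    if ((len - need) + out->offset > out->datagram_size)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample: FRAGN header cut off after 4 of its 5 bytes. */
    const uint8_t truncated[] = { 0xE0, 0x28, 0x12, 0x34 };
    struct frag_hdr h;
    printf("truncated FRAGN -> %d\n", parse_frag_hdr(truncated, sizeof truncated, &h));
    return 0;
}
```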

Added: Feb 4, 2026, 6:53 PM
Updated: Feb 4, 2026, 6:53 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 5.0
exploitability: 5.3
remediation: 0.0
relevance: 2.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.