Riot · Riot · CVE-2026-25139
**Name of the Vulnerable Software and Affected Versions**
RIOT versions 2025.10 and prior
**Description**
RIOT, an operating system for IoT and embedded devices, contains an out-of-bounds read in its 6LoWPAN stack. An unauthenticated attacker who can send or manipulate input packets can read adjacent memory locations or crash the device. The defect is that a received packet is cast to a `sixlowpan_sfr_rfrag_t` struct and dereferenced without first verifying that the packet is large enough to contain the whole struct.
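The bug pattern described above, missing-length-check before casting a packet buffer to a header struct, shown as an added example beside its hardened form. This is illustrative code written for this page, not RIOT's own source: the `demo_rfrag_hdr_t` layout, the parser names and the sample packets are all constructed here and do not reproduce RIOT's `sixlowpan_sfr_rfrag_t` definition.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical packed fragment header, constructed for this example only.
 * It is NOT RIOT's sixlowpan_sfr_rfrag_t; that type is defined in RIOT's sources. */
typedef struct __attribute__((packed)) {
    uint8_t dispatch;     /* dispatch byte identifying the fragment type */
    uint8_t seq_size[2];  /* sequence number / fragment size, big-endian on the wire */
    uint8_t offset[2];    /* fragment offset, big-endian on the wire */
} demo_rfrag_hdr_t;       /* 5 bytes on the wire */

/* Host-order view of the parsed fields. */
typedef struct {
    uint8_t  dispatch;
    uint16_t seq_size;
    uint16_t offset;
} demo_rfrag_parsed_t;

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Vulnerable pattern (the defect class the advisory describes): the buffer is cast
 * to the header type and its fields are read without comparing len against
 * sizeof(*hdr). Given a packet shorter than the header, the field reads run past
 * the end of the buffer (out-of-bounds read). Shown for contrast; never call it
 * with a buffer shorter than sizeof(demo_rfrag_hdr_t). */
static int parse_rfrag_unchecked(const uint8_t *pkt, size_t len, demo_rfrag_parsed_t *out)
{
    (void)len;  /* never consulted: this is the bug */
    const demo_rfrag_hdr_t *hdr = (const demo_rfrag_hdr_t *)pkt;
    out->dispatch = hdr->dispatch;
    out->seq_size = be16(hdr->seq_size);
    out->offset   = be16(hdr->offset);
    return 0;
}

/* Hardened form: reject any packet that cannot hold a full header before any field
 * is touched. Copying into a local struct also avoids unaligned access through a
 * pointer into an arbitrary packet buffer. */
static int parse_rfrag_checked(const uint8_t *pkt, size_t len, demo_rfrag_parsed_t *out)
{
    demo_rfrag_hdr_t hdr;
    if (pkt == NULL || out == NULL || len < sizeof(hdr)) {
        return -1;  /* too short: drop the packet instead of reading past it */
    }
    memcpy(&hdr, pkt, sizeof(hdr));
    out->dispatch = hdr.dispatch;
    out->seq_size = be16(hdr.seq_size);
    out->offset   = be16(hdr.offset);
    return 0;
}

/* Constructed sample packets (not captured traffic): one with a full header plus
 * payload, one truncated after two bytes. */
static const uint8_t demo_valid_pkt[] = { 0xE8, 0x01, 0x02, 0x00, 0x10, 0xAA, 0xBB };
static const uint8_t demo_short_pkt[] = { 0xE8, 0x01 };

/* Returns 1 if the checked parser accepts the valid packet with correct fields. */
static int demo_checked_accepts_valid(void)
{
    demo_rfrag_parsed_t p;
    int rc = parse_rfrag_checked(demo_valid_pkt, sizeof(demo_valid_pkt), &p);
    return rc == 0 && p.dispatch == 0xE8 && p.seq_size == 0x0102 && p.offset == 0x0010;
}

/* Returns 1 if the checked parser rejects the truncated packet. */
static int demo_checked_rejects_short(void)
{
    demo_rfrag_parsed_t p;
    return parse_rfrag_checked(demo_short_pkt, sizeof(demo_short_pkt), &p) == -1;
}

/* Returns 1 if both parsers agree on a packet that is long enough: the length
 * check changes nothing for well-formed input, only for truncated input. */
static int demo_parsers_agree_on_valid(void)
{
    demo_rfrag_parsed_t a, b;
    parse_rfrag_unchecked(demo_valid_pkt, sizeof(demo_valid_pkt), &a);
    parse_rfrag_checked(demo_valid_pkt, sizeof(demo_valid_pkt), &b);
    return a.dispatch == b.dispatch && a.seq_size == b.seq_size && a.offset == b.offset;
}

int main(void)
{
    printf("checked parser accepts valid packet: %d\n", demo_checked_accepts_valid());
    printf("checked parser rejects short packet: %d\n", demo_checked_rejects_short());
    printf("parsers agree on valid packet:      %d\n", demo_parsers_agree_on_valid());
    return 0;
}
```

The length check `len < sizeof(hdr)` is the entire fix for this defect class; the `memcpy` into a stack copy is a secondary hygiene choice that keeps the parser correct on targets that fault on unaligned loads. When reviewing packet-parsing code, every cast of a buffer to a struct pointer should be paired with a visible check like this one against the received length.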
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.