CVE-2026-22214

Name of the Vulnerable Software and Affected Versions RIOT OS versions up to and including 2026.01-devel-317

Description RIOT OS versions up to and including 2026.01-devel-317 have a stack-based buffer overflow issue in the ethos utility. This is due to a lack of bounds checking when handling incoming serial frame data. The issue is present in the handle char() function, where incoming frame bytes are added to a fixed-size stack buffer without ensuring the write index stays within the buffer's limits. An attacker sending specially crafted serial or TCP-framed input can cause the write index to go beyond the buffer size, leading to memory corruption and application crashes.

Recommendations Update RIOT OS to a version newer than 2026.01-devel-317.