PT-2026-2909 · Tinyos · Tinyos
Ron Edgerson · Published 2026-01-14 · Updated 2026-01-14 · CVE-2026-22211
CVSS v4.0: 5.1 (Medium)
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
TinyOS versions up to and including 2.1.2
Description
TinyOS versions up to and including 2.1.2 have a global buffer overflow issue in the printfUART formatted output implementation within the ZigBee / IEEE 802.15.4 networking stack. The printfUART function uses strcat() without checking the remaining buffer capacity when formatting output into a fixed-size global buffer. If printfUART is called with a string longer than the buffer size, it can write past the end of the debugbuf buffer, leading to global memory corruption. This can result in denial of service, unexpected behavior, or information disclosure through corrupted global state or UART output.
Recommendations
Versions prior to 2.1.2 are vulnerable.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
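For code that follows the pattern described above (strcat() into a fixed-size global buffer), the added example below shows a capacity-checked append that truncates instead of overrunning. It is not TinyOS code and not a vendor patch; the buffer size and the names demo_debugbuf, strcat_overrun, bounded_append and debug_format are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: size and names below are constructed for illustration and are
   not taken from the TinyOS sources. */
#define DEMO_BUF_SIZE 16
char demo_debugbuf[DEMO_BUF_SIZE];

/* Bytes an unchecked strcat(dst, src) would write past a cap-byte buffer
   (0 if the result, including its terminator, fits). */
size_t strcat_overrun(const char *dst, size_t cap, const char *src)
{
    size_t need = strlen(dst) + strlen(src) + 1;
    return need > cap ? need - cap : 0;
}

/* Append src to the string in dst without exceeding cap bytes in total.
   Returns how many bytes of src were dropped (0 = nothing truncated). */
size_t bounded_append(char *dst, size_t cap, const char *src)
{
    const char *end = memchr(dst, '\0', cap);
    size_t want = strlen(src);
    if (end == NULL)              /* dst not terminated inside cap: write nothing */
        return want;
    size_t used = (size_t)(end - dst);
    size_t room = cap - used - 1; /* keep one byte for the terminator */
    size_t n = want < room ? want : room;
    memcpy(dst + used, src, n);
    dst[used + n] = '\0';
    return want - n;
}

/* Formats prefix + msg into the global buffer; returns total bytes dropped. */
size_t debug_format(const char *prefix, const char *msg)
{
    demo_debugbuf[0] = '\0';
    size_t dropped = bounded_append(demo_debugbuf, sizeof demo_debugbuf, prefix);
    return dropped + bounded_append(demo_debugbuf, sizeof demo_debugbuf, msg);
}

int main(void)
{
    size_t dropped = debug_format("0123456789", "ABCDEFGHIJ");
    printf("buf=\"%s\" dropped=%zu\n", demo_debugbuf, dropped);
    return 0;
}
```

A non-zero return from debug_format is a truncation signal worth counting or logging, since silently shortened debug output can hide the oversized input that would otherwise have corrupted adjacent globals.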
Exploit
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Tinyos