Riot-Os · Riot-Os · CVE-2025-66647
**Name of the Vulnerable Software and Affected Versions**
RIOT versions prior to 2025.10
**Description**
RIOT is an open-source microcontroller operating system designed for Internet of Things (IoT) devices and other embedded systems. A flaw exists in the IPv6 fragmentation reassembly implementation: when the first fragment (offset 0) is copied into the reassembly buffer, its size is not validated against the buffer. An attacker can exploit this by sending a smaller fragment first, forcing the creation of a small reassembly buffer; an oversized fragment copied into it can then overflow into other packet buffers, potentially leading to memory corruption and remote code execution. The issue is only reachable when the `gnrc_ipv6_ext_frag` module is included, and the attacker must be able to send arbitrary IPv6 packets to the target device.
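The following is an added illustration of the missing check, not RIOT's own code: a simplified reassembly buffer model (the `rbuf_t` struct, its canary field and the function names are assumptions) whose copy routine rejects any fragment, the first one included, that does not fit the capacity reserved when the buffer was created.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical reassembly buffer model (not RIOT's code). Its capacity is
 * fixed when the first fragment is seen, so a copy at offset 0 still needs
 * a size check against it. */
#define RBUF_MAX 64

typedef struct {
    uint8_t data[RBUF_MAX];  /* reassembled datagram bytes */
    size_t  capacity;        /* bytes reserved for this datagram */
    uint8_t canary;          /* stands in for a neighbouring packet buffer */
} rbuf_t;

typedef enum { RBUF_OK = 0, RBUF_ERR_TOO_LARGE, RBUF_ERR_WRAP } rbuf_status_t;

bool rbuf_init(rbuf_t *rb, size_t capacity) {
    if (capacity == 0 || capacity > RBUF_MAX) return false;
    memset(rb->data, 0, sizeof rb->data);
    rb->capacity = capacity;
    rb->canary = 0xAA;
    return true;
}

/* Hardened copy: the vulnerable pattern is this same memcpy without the two
 * checks. offset + len is tested for wrap-around first, then against the
 * capacity reserved for the datagram. */
rbuf_status_t rbuf_add(rbuf_t *rb, size_t offset, const uint8_t *frag, size_t len) {
    if (len > SIZE_MAX - offset) return RBUF_ERR_WRAP;
    if (offset + len > rb->capacity) return RBUF_ERR_TOO_LARGE;
    memcpy(rb->data + offset, frag, len);
    return RBUF_OK;
}

/* Advisory scenario with constructed sample fragments: a small first fragment
 * sizes the buffer, a later oversized copy must be refused, neighbour intact. */
bool first_fragment_check_demo(void) {
    rbuf_t rb;
    uint8_t small[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    uint8_t big[32];
    memset(big, 0x41, sizeof big);
    if (!rbuf_init(&rb, 16)) return false;
    bool ok = rbuf_add(&rb, 0, small, 8) == RBUF_OK
           && rbuf_add(&rb, 0, big, 32) == RBUF_ERR_TOO_LARGE
           && rbuf_add(&rb, 8, small, 8) == RBUF_OK
           && rbuf_add(&rb, 12, small, 8) == RBUF_ERR_TOO_LARGE
           && rbuf_add(&rb, SIZE_MAX, small, 8) == RBUF_ERR_WRAP;
    return ok && rb.canary == 0xAA && rb.data[15] == 8;
}
```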
**Recommendations**
Update to RIOT version 2025.10 or later.