Nmeumo

**Name of the Vulnerable Software and Affected Versions** RIOT-OS version 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 **Description** The issue is a buffer overflow that could allow attackers to obtain sensitive information. **Recommendations** For RIOT-OS version 2021.01, update to a version that includes commit bc59d60be60dfc0a05def57d74985371e4f22d79 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: RIOT-OS version 2021.01 Description: The issue is related to a buffer overflow in the sys/net/gnrc/routing/rpl/gnrc rpl validation.c file, specifically through the `gnrc rpl validation options()` function. Recommendations: For RIOT-OS version 2021.01, consider disabling the `gnrc rpl validation options()` function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: RIOT-OS version 2021.01 Description: The issue is related to a buffer overflow in the ` parse options()` function, located in the `/sys/net/gnrc/routing/rpl/gnrc rpl control messages.c` file. Recommendations: For RIOT-OS version 2021.01, consider disabling the ` parse options()` function as a temporary workaround until a patch is available. Restrict access to the `/sys/net/gnrc/routing/rpl/gnrc rpl control messages.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RIOT through 2019.07 **Description** The issue is related to the TCP implementation in RIOT, where the parser for TCP options does not properly terminate on all inputs. This can lead to a denial-of-service due to an infinite loop when encountering an unknown zero-length option in the sys/net/gnrc/transport layer/tcp/gnrc tcp option.c file. **Recommendations** For RIOT through 2019.07, consider applying a patch to fix the infinite loop issue in the TCP options parser to prevent denial-of-service attacks.