PT-2025-51877 · Riot · Riot
Nils-Bernsdorf · Published 2025-12-17 · Updated 2026-01-22
CVE-2025-66646
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
RIOT versions prior to 2025.10
Description
RIOT is an open-source microcontroller operating system designed for Internet of Things (IoT) devices and other embedded systems. A flaw exists in the IPv6 fragmentation reassembly implementation. Specifically, when processing a fragmented IPv6 packet with a fragment offset of 0 and an empty payload, the payload pointer is set to NULL. The implementation then attempts to copy this payload into the reassembly buffer, leading to a NULL pointer dereference and causing the operating system to crash, resulting in a denial-of-service (DoS). To exploit this, the gnrc_ipv6_ext_frag module must be enabled, and an attacker needs to be able to send arbitrary IPv6 packets to the target device.
Recommendations
Update to RIOT version 2025.10 or later.
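An added example, not RIOT's code and not the fix shipped in 2025.10: a minimal C model of the condition described above, with the guard a reassembly routine needs before it copies a fragment. The types, function names, return codes and buffer size are hypothetical, and the sample fragment in main() is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FRAG_HDR_LEN 8u     /* IPv6 Fragment header length in octets */
#define RBUF_SIZE    1280u  /* constructed reassembly buffer size */
enum { FRAG_OK = 0, FRAG_MALFORMED = -1, FRAG_EMPTY = -2, FRAG_TOO_BIG = -3 };
typedef struct { uint8_t buf[RBUF_SIZE]; size_t filled; } rbuf_t; /* hypothetical */
/* Split a fragment into offset and payload. As in the flaw described above,
 * payload is NULL when nothing follows the Fragment header. */
static int frag_parse(const uint8_t *pkt, size_t len, size_t *offset,
                      const uint8_t **payload, size_t *payload_len)
{
    if (pkt == NULL || len < FRAG_HDR_LEN) {
        return FRAG_MALFORMED;
    }
    /* Octets 2-3: 13-bit offset in 8-octet units, 2 reserved bits, M flag. */
    uint16_t off_flags = (uint16_t)((pkt[2] << 8) | pkt[3]);
    *offset = (size_t)(off_flags >> 3) * 8u;
    *payload_len = len - FRAG_HDR_LEN;
    *payload = (*payload_len > 0) ? pkt + FRAG_HDR_LEN : NULL;
    return FRAG_OK;
}

/* Hardened insert: validate the payload before it is copied. */
int rbuf_add(rbuf_t *rbuf, const uint8_t *pkt, size_t len)
{
    size_t offset, payload_len;
    const uint8_t *payload;
    if (frag_parse(pkt, len, &offset, &payload, &payload_len) != FRAG_OK) {
        return FRAG_MALFORMED;
    }
    if (payload == NULL) {
        return FRAG_EMPTY;    /* drop: an unguarded copy would use NULL here */
    }
    if (offset > RBUF_SIZE || payload_len > RBUF_SIZE - offset) {
        return FRAG_TOO_BIG;  /* subtraction form avoids size_t wrap-around */
    }
    memcpy(&rbuf->buf[offset], payload, payload_len);
    rbuf->filled += payload_len;
    return FRAG_OK;
}

int main(void)
{
    static rbuf_t rb;
    const uint8_t empty_frag[FRAG_HDR_LEN] = {17, 0, 0x00, 0x01, 0, 0, 0, 1}; /* constructed */
    return rbuf_add(&rb, empty_frag, sizeof(empty_frag)) == FRAG_EMPTY ? 0 : 1;
}
```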
NULL Pointer Dereference
Affected Products
Riot