PT-2025-51894 · Riot-Os · Riot-Os

Nils-Bernsdorf · Published 2025-12-17 · Updated 2026-01-22 · CVE-2025-66647

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

RIOT versions prior to 2025.10

Description

RIOT is an open-source microcontroller operating system designed for Internet of Things (IoT) devices and other embedded systems. A flaw exists in the IPv6 fragmentation reassembly implementation. Specifically, when the first fragment (offset=0) is copied into the reassembly buffer, its size is not validated. An attacker can exploit this by sending a smaller fragment first, forcing the creation of a small reassembly buffer. Subsequently overflowing this buffer can corrupt other packet buffers, potentially leading to memory corruption and remote code execution. To trigger this, the gnrc_ipv6_ext_frag module must be included, and the attacker needs to send arbitrary IPv6 packets to the target device.

Recommendations

Update to RIOT version 2025.10 or later.
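
The size validation the description says was missing, shown on a simplified model of a reassembly buffer. This is an added example, not RIOT's code or its patch; the type rbuf_entry_t, the functions rbuf_add_fragment and demo_oversized_first_fragment, the RBUF_CAP constant and the rule that the first fragment to arrive sizes the buffer are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RBUF_CAP 64u /* constructed pool size for this model */

/* Hypothetical reassembly entry; not RIOT's data structure. */
typedef struct {
    uint8_t data[RBUF_CAP];
    size_t size;   /* payload bytes reserved when the entry was created */
    int in_use;
} rbuf_entry_t;

/* Copy one fragment into the entry. Returns 0 on success, -1 if rejected. */
int rbuf_add_fragment(rbuf_entry_t *e, size_t offset,
                      const uint8_t *frag, size_t len)
{
    if (!e->in_use) {
        /* Assumption: the first fragment to arrive sizes the buffer. */
        if (offset > RBUF_CAP || len > RBUF_CAP - offset) {
            return -1;
        }
        e->size = offset + len;
        e->in_use = 1;
    }
    /* Bounds check applied to every fragment, offset 0 included.
     * The subtraction form avoids wrap-around in offset + len. */
    if (offset > e->size || len > e->size - offset) {
        return -1;
    }
    memcpy(&e->data[offset], frag, len);
    return 0;
}

/* Constructed sequence: a small fragment creates a 16-byte buffer, then an
 * offset-0 fragment longer than that buffer arrives and must be dropped. */
int demo_oversized_first_fragment(void)
{
    static const uint8_t tail[8] = { 0 };
    static const uint8_t head[40] = { 0 };
    rbuf_entry_t e = { .size = 0, .in_use = 0 };

    if (rbuf_add_fragment(&e, 8, tail, sizeof(tail)) != 0) {
        return 1; /* unexpected: the sizing fragment was refused */
    }
    return rbuf_add_fragment(&e, 0, head, sizeof(head));
}
```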

Exploit · Fix · RCE · Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-66647
GHSA-WH3V-Q6VR-J79R

Affected Products

Riot-Os