PT-2026-2909 · Tinyos · Tinyos

Ron Edgerson · Published 2026-01-14 · Updated 2026-01-14 · CVE-2026-22211

CVSS v4.0: 5.1 Medium

Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions: TinyOS versions up to and including 2.1.2

Description: TinyOS versions up to and including 2.1.2 have a global buffer overflow issue in the printfUART formatted output implementation within the ZigBee / IEEE 802.15.4 networking stack. The printfUART function uses strcat() without checking the remaining buffer capacity when formatting output into a fixed-size global buffer. If printfUART is called with a string longer than the buffer size, it can write past the end of the debugbuf buffer, leading to global memory corruption. This can result in denial of service, unexpected behavior, or information disclosure through corrupted global state or UART output.

Recommendations: Versions prior to 2.1.2 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
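A capacity-checked append of the kind the description says is missing, shown as an added example that is not TinyOS code. Only the `debugbuf` name and the unchecked `strcat()` pattern come from the advisory; `DEBUGBUF_SIZE`, the `g` struct with its canary, and `dbg_append` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEBUGBUF_SIZE 32          /* assumed size; the advisory gives none */
#define CANARY 0xC0FFEE42u        /* constructed guard value */

/* debugbuf is the buffer named in the advisory; the struct and canary are
   constructed here so a write past the end of the buffer is observable. */
static struct {
    char     debugbuf[DEBUGBUF_SIZE];
    uint32_t canary;
} g = { "", CANARY };

/* Pattern the advisory describes (not executed here):
       strcat(g.debugbuf, s);     no check of remaining capacity */

/* Hypothetical bounded replacement: copies as much of s as fits, always
   leaves a terminating NUL, and returns the number of bytes dropped. */
static size_t dbg_append(const char *s)
{
    const char *end = memchr(g.debugbuf, '\0', DEBUGBUF_SIZE);
    size_t used = end ? (size_t)(end - g.debugbuf) : DEBUGBUF_SIZE;
    if (used == DEBUGBUF_SIZE) {  /* terminator lost: start from empty */
        used = 0;
    }
    size_t room = DEBUGBUF_SIZE - 1 - used;   /* keep one byte for NUL */
    size_t want = strlen(s);
    size_t n = want < room ? want : room;
    memcpy(g.debugbuf + used, s, n);
    g.debugbuf[used + n] = '\0';
    return want - n;
}

static void dbg_reset(void)     { g.debugbuf[0] = '\0'; }
static int  canary_intact(void) { return g.canary == CANARY; }

int main(void)
{
    char longmsg[100];            /* constructed input longer than debugbuf */
    memset(longmsg, 'A', sizeof longmsg - 1);
    longmsg[sizeof longmsg - 1] = '\0';
    dbg_reset();
    size_t dropped = dbg_append(longmsg);
    printf("kept=%zu dropped=%zu canary_ok=%d\n",
           strlen(g.debugbuf), dropped, canary_intact());
    return 0;
}
```

A non-zero return value tells the caller that output was truncated, which is worth counting or logging on a device where debug output is otherwise the only signal.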

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers: CVE-2026-22211

Affected Products: Tinyos