riot os riot

41 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-27703
<= 2026.01
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices an
7.5 HIGH
CVE-2026-25139
<= 2025.10
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices an
9.1 CRITICAL
CVE-2026-22214
< 2025.10
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility du
9.8 CRITICAL
CVE-2026-22213
< 2025.10
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility
9.8 CRITICAL
CVE-2025-66647
< 2025.10
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices an
9.8 CRITICAL
CVE-2025-66646
< 2025.10
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices an
7.5 HIGH
CVE-2025-53888
<= 2025.04
RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with assert() c
9.8 CRITICAL
CVE-2024-53980
<= 2024.07
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices an
7.5 HIGH
CVE-2024-52802
<= 2024.04
RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function _parse_advertise, l
7.5 HIGH
CVE-2024-32018
<= 2024.01
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit
8.8 HIGH
CVE-2024-32017
<= 2024.01
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit
9.8 CRITICAL
CVE-2024-31225
< 2024.01
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit
8.3 HIGH
CVE-2023-33975
<= 2023.01
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN fr
9.8 CRITICAL
CVE-2023-33974
<= 2023.01
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN fr
7.5 HIGH
CVE-2023-33973
<= 2023.01
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN fr
7.5 HIGH
CVE-2023-24826
< 2023.04
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN fr
5.9 MEDIUM
CVE-2023-24825
< 2023.04
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN fr
7.5 HIGH
CVE-2023-24817
< 2023.04
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN fr
7.5 HIGH
CVE-2023-24823
< 2022.10
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPA
9.8 CRITICAL
CVE-2023-24822
< 2022.10
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPA
7.5 HIGH
CVE-2023-24821
< 2022.10
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPA
7.5 HIGH
CVE-2023-24820
< 2022.10
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPA
7.5 HIGH
CVE-2023-24819
< 2022.10
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPA
9.8 CRITICAL
CVE-2023-24818
< 2022.10
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPA
7.5 HIGH
CVE-2021-27427
all versions
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitra
7.3 HIGH
CVE-2021-41061
all versions
In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption b
5.5 MEDIUM
CVE-2021-31664
all versions
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to o
7.5 HIGH
CVE-2021-31663
all versions
RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to o
7.5 HIGH
CVE-2021-31662
all versions
RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to o
7.5 HIGH
CVE-2021-31661
all versions
RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to ob
7.5 HIGH
CVE-2021-31660
all versions
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to o
7.5 HIGH
CVE-2021-27698
all versions
RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _par
9.8 CRITICAL
CVE-2021-27697
all versions
RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_va
9.8 CRITICAL
CVE-2021-27357
all versions
RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c.
9.8 CRITICAL
CVE-2020-15350
all versions
RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation f
9.8 CRITICAL
CVE-2019-17389
all versions
In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The re
7.5 HIGH
CVE-2019-16754
all versions
RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to cra
7.5 HIGH
CVE-2019-15702
<= 2019.07
In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowin
7.5 HIGH
CVE-2019-15134
<= 2019.07
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory avail
7.5 HIGH
CVE-2019-1000006
>= 2017.04 and < 2018.10.1
RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, a
9.8 CRITICAL
CVE-2017-8289
<= 2017.01
Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT pri
9.8 CRITICAL
threatengine.sh