CVE-2026-25139 – RIOT Vulnerable to Multiple Out-of-Bounds Read When Processing Received 6LoWPAN SFR Fragments

CVE ID : CVE-2026-25139

Published : Feb. 4, 2026, 6:16 p.m. | 1 hour, 2 minutes ago

Description : RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds read allow any unauthenticated user, with ability to send or manipulate input packets, to read adjacent memory locations, or crash a vulnerable device running the 6LoWPAN stack. The received packet is cast into a sixlowpan_sfr_rfrag_t struct and dereferenced without validating the packet is large enough to contain the struct object. At time of publication, no known patch exists.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2026-25139 – RIOT Vulnerable to Multiple Out-of-Bounds Read When Processing Received 6LoWPAN SFR Fragments

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2026-22044 – GLPI is Vulnerable to Authenticated SQL Injection

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2026-25140 – apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams

CVE-2026-25121 – apko is vulnerable to path traversal in apko dirFS which allows filesystem writes outside base

CVE-2026-25122 – apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

CVE-2026-25507 – ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning