CNNVD-202512-3193 Information
CNNVD ID
CNNVD-202512-3193
Related CVE
- CNNVD Published: 2025-12-17
Description
RIOT is an open-source operating system for the Internet of Things, developed by the RIOT project. RIOT v2025.07 contains a security vulnerability that stems from a missing size check in the IPv6 fragment reassembly implementation, which may lead to memory corruption.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
RIOT
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/RIOT-OS/RIOT/blob/eb65305cf9f1b7affb50b17af5c12341b83a8636/sys/net/gnrc/network_layer/ipv6/ext/frag/gnrc_ipv6_ext_frag.c#L411
https://github.com/RIOT-OS/RIOT/blob/eb65305cf9f1b7affb50b17af5c12341b83a8636/sys/net/gnrc/network_layer/ipv6/ext/frag/gnrc_ipv6_ext_frag.c#L481
https://github.com/RIOT-OS/RIOT/blob/eb65305cf9f1b7affb50b17af5c12341b83a8636/sys/net/gnrc/network_layer/ipv6/ext/frag/gnrc_ipv6_ext_frag.c#L532
https://github.com/RIOT-OS/RIOT/blob/eb65305cf9f1b7affb50b17af5c12341b83a8636/sys/net/gnrc/network_layer/ipv6/ext/frag/gnrc_ipv6_ext_frag.c#L544
https://github.com/RIOT-OS/RIOT/releases/tag/2025.10
https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-wh3v-q6vr-j79r
Patch
https://github.com/RIOT-OS/RIOT/releases