CNNVD-202512-3259 Information
CNNVD ID
CNNVD-202512-3259
Related CVE
- CNNVD Published: 2025-12-17
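Description (Chinese, translated)
RIOT is an open-source operating system for the Internet of Things, developed by RIOT. RIOT v2025.07 contains a code issue vulnerability that stems from a null pointer dereference in the IPv6 fragment reassembly implementation, which may cause the operating system to crash.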
Description (English)
RIOT is an open-source operating system from RIOT for Internet of Things applications. RIOT v2025.07 has a code issue vulnerability caused by a null pointer dereference in the IPv6 fragment reassembly implementation, which could lead to a crash of the operating system.
Hazard Level
Critical
Vulnerability Type
Code issue
Affected Vendor
RIOT
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/RIOT-OS/RIOT/blob/eb65305cf9f1b7affb50b17af5c12341b83a8636/sys/net/gnrc/network_layer/ipv6/ext/frag/gnrc_ipv6_ext_frag.c#L411
https://github.com/RIOT-OS/RIOT/blob/eb65305cf9f1b7affb50b17af5c12341b83a8636/sys/net/gnrc/network_layer/ipv6/ext/frag/gnrc_ipv6_ext_frag.c#L420
https://github.com/RIOT-OS/RIOT/blob/eb65305cf9f1b7affb50b17af5c12341b83a8636/sys/net/gnrc/network_layer/ipv6/ext/frag/gnrc_ipv6_ext_frag.c#L490
https://github.com/RIOT-OS/RIOT/blob/eb65305cf9f1b7affb50b17af5c12341b83a8636/sys/net/gnrc/network_layer/ipv6/ext/frag/gnrc_ipv6_ext_frag.c#L532
https://github.com/RIOT-OS/RIOT/blob/eb65305cf9f1b7affb50b17af5c12341b83a8636/sys/net/gnrc/network_layer/ipv6/ext/frag/gnrc_ipv6_ext_frag.c#L534
https://github.com/RIOT-OS/RIOT/blob/eb65305cf9f1b7affb50b17af5c12341b83a8636/sys/net/gnrc/network_layer/ipv6/ext/frag/gnrc_ipv6_ext_frag.c#L544
https://github.com/RIOT-OS/RIOT/blob/eb65305cf9f1b7affb50b17af5c12341b83a8636/sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c#L150C1-L150C76
https://github.com/RIOT-OS/RIOT/releases/tag/2025.10
https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-v8gx-q9m6-5xm9
https://github.com/user-attachments/files/23903992/reproducer_1.zip
Patch
https://github.com/RIOT-OS/RIOT/releases