AttackFeed by Joe Wagner | RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in RIOT ethos Serial Frame Parser  - Full Disclosure

RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in RIOT ethos Serial Frame Parser  – Full Disclosure

Posted on By Joe-W No Comments on RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in RIOT ethos Serial Frame Parser  – Full Disclosure
Alert Feeds

 

Posted by Ron E on Jan 10

A stack-based buffer overflow vulnerability exists in the RIOT OS ethos
utility due to missing bounds checking when processing incoming serial
frame data. The vulnerability occurs in the _handle_char() function, where
incoming frame bytes are appended to a fixed-size stack buffer
(serial->frame) without verifying that the current write index
(serial->framebytes) remains within bounds. An attacker capable of sending
crafted serial or…
 – Read More  – Full Disclosure 

You may also like

Alert Feeds
zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility via Unbounded strcpy() on User-Supplied Archive Name  – Full Disclosure
January 6, 2026
Alert Feeds
Google Firebase hosting suspension / “malware distribution” bypass  – Full Disclosure
October 21, 2025
Alert Feeds
Defense in depth — the Microsoft way (part 94): BACKDOOR planted in AppLocker  – Full Disclosure
September 23, 2025
Alert Feeds
Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)  – Full Disclosure
December 16, 2025

Leave a Reply

AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.