CVE-2025-66646 - RIOT-OS has NULL pointer dereference in gnrc_ipv6_ext_frag_reass

CVE ID : CVE-2025-66646 Published : Dec. 17, 2025, 8:15 p.m. | 37 minutes ago Description : RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When receiving an fragmented IPv6 packet with fragment offset 0 and an empty payload, the payload pointer is set to NULL. However, the implementation still tries to copy the payload into the reassembly buffer, resulting in a NULL pointer dereference which crashes the OS (DoS). To trigger the vulnerability, the `gnrc_ipv6_ext_frag` module must be enabled and the attacker must be able to send arbitrary IPv6 packets to the victim. RIOT OS v2025.10 fixes the issue. Severity: 1.7 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Telegram CVE Monitor