CVE-2026-22211 in TinyOSinfo

Zusammenfassung

von MITRE • 14.01.2026

TinyOS versions up to and including 2.1.2 contain a global buffer overflow vulnerability in the printfUART formatted output implementation used within the ZigBee / IEEE 802.15.4 networking stack. The implementation formats output into a fixed-size global buffer and concatenates strings for %s format specifiers using strcat() without verifying remaining buffer capacity. When printfUART is invoked with a caller-controlled string longer than the available space, the unbounded sprintf/strcat sequence writes past the end of debugbuf, resulting in global memory corruption. This can cause denial of service, unintended behavior, or information disclosure via corrupted adjacent global state or UART output.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

06.01.2026

Veröffentlichung

14.01.2026

Moderieren

akzeptiert

Eintrag

VDB-341111

CPE

bereit

CWE

CWE-787 (bestätigt)

CVSS

4.0 (VulDB)

EPSS

0.00038

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-22211
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-22211
CVE Details	https://www.cvedetails.com/cve/CVE-2026-22211/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!