CVE-2026-22211 in TinyOSinformation

Résumé

par MITRE • 14/01/2026

TinyOS versions up to and including 2.1.2 contain a global buffer overflow vulnerability in the printfUART formatted output implementation used within the ZigBee / IEEE 802.15.4 networking stack. The implementation formats output into a fixed-size global buffer and concatenates strings for %s format specifiers using strcat() without verifying remaining buffer capacity. When printfUART is invoked with a caller-controlled string longer than the available space, the unbounded sprintf/strcat sequence writes past the end of debugbuf, resulting in global memory corruption. This can cause denial of service, unintended behavior, or information disclosure via corrupted adjacent global state or UART output.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

VulnCheck

Réserver

06/01/2026

Divulgation

14/01/2026

Modérer

accepté

Entrée

VDB-341111

CPE

prêt

CWE

CWE-787 (confirmé)

CVSS

4.0 (VulDB)

EPSS

0.00038

KEV

non

Activités

très faible

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-22211
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-22211
CVE Details	https://www.cvedetails.com/cve/CVE-2026-22211/

◂ Précédent Aperçu Suivant ▸

Do you need the next level of professionalism?

Upgrade your account now!