CVE-2026-22211 in TinyOSinformação

Sumário

de MITRE • 14/01/2026

TinyOS versions up to and including 2.1.2 contain a global buffer overflow vulnerability in the printfUART formatted output implementation used within the ZigBee / IEEE 802.15.4 networking stack. The implementation formats output into a fixed-size global buffer and concatenates strings for %s format specifiers using strcat() without verifying remaining buffer capacity. When printfUART is invoked with a caller-controlled string longer than the available space, the unbounded sprintf/strcat sequence writes past the end of debugbuf, resulting in global memory corruption. This can cause denial of service, unintended behavior, or information disclosure via corrupted adjacent global state or UART output.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

VulnCheck

Reservar

06/01/2026

Divulgação

14/01/2026

Moderação

aceite

Entrada

VDB-341111

CPE

pronto

CWE

CWE-787 (confirmado)

CVSS

4.0 (VulDB)

EPSS

0.00038

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-22211
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-22211
CVE Details	https://www.cvedetails.com/cve/CVE-2026-22211/

◂ Voltar Visão Geral Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!