{"id":3234,"date":"2024-05-07T09:28:05","date_gmt":"2024-05-07T07:28:05","guid":{"rendered":"https:\/\/security.humanativaspa.it\/?p=3234"},"modified":"2025-10-21T09:12:47","modified_gmt":"2025-10-21T09:12:47","slug":"multiple-vulnerabilities-in-riot-os","status":"publish","type":"post","link":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/","title":{"rendered":"Multiple vulnerabilities in RIOT OS"},"content":{"rendered":"<blockquote><p><em>&#8220;Where there is parsing, there are bugs.&#8221;<\/em><br \/>\n<em>&#8212; Dr. Silvio Cesare<\/em><\/p><\/blockquote>\n<h3>Summary<\/h3>\n<p><a href=\"https:\/\/www.riot-os.org\/\">RIOT<\/a> is a free, open-source, <strong>real-time operating system<\/strong> developed by a grassroots community gathering companies, academia, and hobbyists, distributed all around the world. It supports most low-power <strong>IoT devices<\/strong>, microcontroller architectures (32-bit, 16-bit, 8-bit), and external devices. RIOT aims to implement all relevant open standards supporting an Internet of Things that is connected, secure, durable, and privacy-friendly.<\/p>\n<p>I reviewed RIOT&#8217;s <a href=\"https:\/\/github.com\/RIOT-OS\/RIOT\">source code<\/a> hosted on GitHub and identified multiple <strong>security vulnerabilities<\/strong> that may cause memory corruption. Their impacts range from <strong>denial of service<\/strong> to potential <strong>arbitrary code execution<\/strong>.<\/p>\n<p>My detailed advisory is available at <a href=\"https:\/\/github.com\/hnsecurity\/vulns\/blob\/main\/HNS-2024-07-riot.txt\">https:\/\/github.com\/hnsecurity\/vulns\/blob\/main\/HNS-2024-07-riot.txt<\/a>.<\/p>\n<h3>Background<\/h3>\n<p>Continuing my recent vulnerability <a href=\"https:\/\/hnsecurity.it\/ost2-zephyr-rtos-and-a-bunch-of-cves\/\">research<\/a> <a href=\"https:\/\/hnsecurity.it\/multiple-vulnerabilities-in-rt-thread-rtos\/\">work<\/a> in the <strong>IoT space<\/strong>, I keep assisting open-source projects in finding and fixing security vulnerabilities by <strong>reviewing their source code<\/strong>, with the final goal to <strong>make IoT more secure<\/strong>. In January 2024, RIOT was selected as a target of interest.<\/p>\n<p>During the source code review, I put my <a href=\"https:\/\/hnsecurity.it\/big-update-to-my-semgrep-c-cpp-ruleset\/\">Semgrep C\/C++ ruleset<\/a> and <a href=\"https:\/\/hnsecurity.it\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/\">weggli pattern collection<\/a> to good use to identify hotspots in code on which to focus my attention. By the way, I have a recent addition in my toolbelt that is greatly improving my static analysis workflow: <a href=\"https:\/\/marketplace.visualstudio.com\/items?itemName=trailofbits.sarif-explorer\">SARIF Explorer<\/a> by <a href=\"https:\/\/twitter.com\/trailofbits\">Trail of Bits<\/a>. Highly recommended!<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Triaging static analysis results is now easier with our VSCode extension SARIF explorer. <a href=\"https:\/\/t.co\/P1UmyCuMyq\">https:\/\/t.co\/P1UmyCuMyq<\/a> <a href=\"https:\/\/t.co\/lePKpwHsc6\">pic.twitter.com\/lePKpwHsc6<\/a><\/p>\n<p>&mdash; Trail of Bits (@trailofbits) <a href=\"https:\/\/twitter.com\/trailofbits\/status\/1770443182943170671?ref_src=twsrc%5Etfw\">March 20, 2024<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h3>Vulnerabilities<\/h3>\n<p>The <strong>vulnerabilities<\/strong> resulting from my source code review are:<\/p>\n<ul>\n<li><a href=\"https:\/\/github.com\/RIOT-OS\/RIOT\/security\/advisories\/GHSA-2572-7q7c-3965\">CVE-2024-31225<\/a> &#8211; Lack of size check and buffer overflow in RIOT cord.<\/li>\n<li><a href=\"https:\/\/github.com\/RIOT-OS\/RIOT\/security\/advisories\/GHSA-v97j-w9m6-c4h3\">CVE-2024-32017<\/a> &#8211; Buffer overflows in RIOT GCoAP.<\/li>\n<li><a href=\"https:\/\/github.com\/RIOT-OS\/RIOT\/security\/advisories\/GHSA-899m-q6pp-hmp3\">CVE-2024-32018<\/a> &#8211; Ineffective size check due to assert() and buffer overflow in RIOT NimBLE.<\/li>\n<li><a href=\"https:\/\/github.com\/RIOT-OS\/RIOT\/security\/advisories\/GHSA-x3j5-hfrr-5x6q\">GHSA-x3j5-hfrr-5x6q<\/a> &#8211; Unsafe use of the return value of vsnprintf() and out-of-bounds memory access in RIOT ESP.<\/li>\n<li><a href=\"https:\/\/github.com\/RIOT-OS\/RIOT\/security\/advisories\/GHSA-pw2r-pp35-xfmj\">GHSA-pw2r-pp35-xfmj<\/a> &#8211; Ineffective size check due to assert() and buffer overflow in RIOT BLE.<\/li>\n<li><a href=\"https:\/\/github.com\/RIOT-OS\/RIOT\/security\/advisories\/GHSA-c4p4-vv7v-3hx8\">GHSA-c4p4-vv7v-3hx8<\/a> &#8211; Ineffective size check due to assert() and buffer overflow in RIOT SUIT.<\/li>\n<li><a href=\"https:\/\/github.com\/RIOT-OS\/RIOT\/security\/advisories\/GHSA-r87w-9vw9-f7cx\">GHSA-r87w-9vw9-f7cx<\/a> &#8211; Integer wraparound and buffer overflow in RIOT mtd_emulated.<\/li>\n<li><a href=\"https:\/\/github.com\/RIOT-OS\/RIOT\/security\/advisories\/GHSA-2hx7-c324-3rxv\">GHSA-2hx7-c324-3rxv<\/a> &#8211; Off-by-one buffer overflow and unterminated string in RIOT lwext4.<\/li>\n<li><a href=\"https:\/\/github.com\/RIOT-OS\/RIOT\/security\/advisories\/GHSA-frp5-4gfp-84j3\">GHSA-frp5-4gfp-84j3<\/a> &#8211; Unsafe use of the return value of snprintf() and out-of-bounds memory access in RIOT shell<\/li>\n<li><a href=\"https:\/\/github.com\/RIOT-OS\/RIOT\/security\/advisories\/GHSA-x27v-gqp4-7jq3\">GHSA-x27v-gqp4-7jq3<\/a> &#8211; Lack of size checks and buffer overflows in RIOT emCute<\/li>\n<\/ul>\n<p>For additional information about these <strong>vulnerabilities<\/strong> and their <strong>fixes<\/strong>, please refer to the detailed <a href=\"https:\/\/github.com\/hnsecurity\/vulns\/blob\/main\/HNS-2024-07-riot.txt\">advisory<\/a>.<\/p>\n<p>It took me about <strong>16 hours<\/strong> to complete the code review, not counting the time spent in the disclosure process.<\/p>\n<h3>Disclosure and fixes<\/h3>\n<p>I reported the vulnerabilities discussed in this advisory to RIOT maintainers in January 2024, via the handy <a href=\"https:\/\/docs.github.com\/en\/code-security\/security-advisories\/guidance-on-reporting-and-writing-information-about-vulnerabilities\/privately-reporting-a-security-vulnerability\">private reporting feature<\/a> that is available on GitHub. I&#8217;m not sure of the reason of the significant delay in the initial maintainers&#8217; response. However, once I got their attention they quickly triaged and fixed all vulnerabilities (with the exception of <a href=\"https:\/\/github.com\/RIOT-OS\/RIOT\/security\/advisories\/GHSA-x27v-gqp4-7jq3\">GHSA-x27v-gqp4-7jq3<\/a> that is currently being discussed publicly because it&#8217;s not considered security critical). They also informed me that:<\/p>\n<ul>\n<li>They are treating such delay as an additional security incident.<\/li>\n<li>They added another maintainer to the security group as an immediate action.<\/li>\n<li>They plan on discussing this shortcoming on the next maintainer assembly to find a long-term solution.<\/li>\n<\/ul>\n<p>The coordinated <strong>disclosure timeline<\/strong> follows:<\/p>\n<ul>\n<li>2024-01-10: reported the first vulnerability to the RIOT project.<\/li>\n<li>2024-01-11: reported four more vulnerabilities.<\/li>\n<li>2024-01-12: reported the rest of the vulnerabilities.<\/li>\n<li>2024-02-09: asked for feedback on &lt;security@riot-os.org&gt;.<\/li>\n<li>2024-03-05: asked again for feedback on &lt;security@riot-os.org&gt;.<\/li>\n<li>2024-04-05: asked again for feedback via GitHub and got the first reply.<\/li>\n<li>2024-04-06: started collaborating with RIOT to evaluate proposed fixes.<\/li>\n<li>2024-04-10: First security advisory published on GitHub.<\/li>\n<li>2024-04-17: Another security advisory published on GitHub.<\/li>\n<li>2024-04-24: Asked for a status update on the remaining reports.<\/li>\n<li>2024-04-25: Two more security advisories published on GitHub.<\/li>\n<li>2024-04-26: Another security advisory published on GitHub.<\/li>\n<li>2024-04-30: Three more security advisories published on GitHub.<\/li>\n<li>2024-05-07: Published advisory and writeup.<\/li>\n<\/ul>\n<h3>Acknowledgments<\/h3>\n<p>I would like to thank the RIOT maintainers for triaging and fixing the reported vulnerabilities in a particularly friendly and professional way. I really appreciated working with them!<\/p>\n<p><a href=\"https:\/\/hal9.ooo\/@Teufelchen\/112360432273423720\"><img decoding=\"async\" class=\"wp-image-3306 size-full aligncenter\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-30-at-23.08.36-1.png\" alt=\"\" width=\"578\" height=\"320\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-30-at-23.08.36-1.png 578w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-30-at-23.08.36-1-300x166.png 300w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-30-at-23.08.36-1-350x194.png 350w\" sizes=\"(max-width: 578px) 100vw, 578px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Where there is parsing, there are bugs.&#8221; &#8212; Dr. Silvio Cesare Summary RIOT is a free, open-source, real-time operating system [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":159947,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[81],"tags":[82,116,117,149,203,75],"class_list":["post-3234","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerabilities","tag-vulnerability-research","tag-c-c","tag-code-review","tag-iot","tag-riot","tag-advisory"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>HN Security - Multiple vulnerabilities in RIOT OS -<\/title>\n<meta name=\"description\" content=\"Coordinated disclosure writeup about multiple vulnerabilities in RIOT OS (CVE-2024-31225, CVE-2024-32017, CVE-2024-32018, and more).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HN Security - Multiple vulnerabilities in RIOT OS -\" \/>\n<meta property=\"og:description\" content=\"Coordinated disclosure writeup about multiple vulnerabilities in RIOT OS (CVE-2024-31225, CVE-2024-32017, CVE-2024-32018, and more).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/\" \/>\n<meta property=\"og:site_name\" content=\"HN Security\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-07T07:28:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-21T09:12:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RIOT-OS.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"836\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marco Ivaldi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@hnsec\" \/>\n<meta name=\"twitter:site\" content=\"@hnsec\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marco Ivaldi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-riot-os\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-riot-os\\\/\"},\"author\":{\"name\":\"Marco Ivaldi\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/person\\\/89a4174c275f05d6148fb0fdedc8de4f\"},\"headline\":\"Multiple vulnerabilities in RIOT OS\",\"datePublished\":\"2024-05-07T07:28:05+00:00\",\"dateModified\":\"2025-10-21T09:12:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-riot-os\\\/\"},\"wordCount\":714,\"publisher\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-riot-os\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RIOT-OS.jpg\",\"keywords\":[\"vulnerability research\",\"c\\\/c++\",\"code review\",\"iot\",\"riot\",\"advisory\"],\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-riot-os\\\/\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-riot-os\\\/\",\"name\":\"HN Security - Multiple vulnerabilities in RIOT OS -\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-riot-os\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-riot-os\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RIOT-OS.jpg\",\"datePublished\":\"2024-05-07T07:28:05+00:00\",\"dateModified\":\"2025-10-21T09:12:47+00:00\",\"description\":\"Coordinated disclosure writeup about multiple vulnerabilities in RIOT OS (CVE-2024-31225, CVE-2024-32017, CVE-2024-32018, and more).\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-riot-os\\\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-riot-os\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-riot-os\\\/#primaryimage\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RIOT-OS.jpg\",\"contentUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RIOT-OS.jpg\",\"width\":1600,\"height\":836,\"caption\":\"Riot logo\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-riot-os\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Multiple vulnerabilities in RIOT OS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#website\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\",\"name\":\"HN Security\",\"description\":\"Offensive Security Specialists\",\"publisher\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\",\"name\":\"HN Security\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/hn-libellula.jpg\",\"contentUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/hn-libellula.jpg\",\"width\":696,\"height\":696,\"caption\":\"HN Security\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/hnsec\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/hnsecurity\\\/\",\"https:\\\/\\\/github.com\\\/hnsecurity\",\"https:\\\/\\\/infosec.exchange\\\/@hnsec\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/person\\\/89a4174c275f05d6148fb0fdedc8de4f\",\"name\":\"Marco Ivaldi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"caption\":\"Marco Ivaldi\"},\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/author\\\/marco-ivaldi\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HN Security - Multiple vulnerabilities in RIOT OS -","description":"Coordinated disclosure writeup about multiple vulnerabilities in RIOT OS (CVE-2024-31225, CVE-2024-32017, CVE-2024-32018, and more).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/","og_locale":"it_IT","og_type":"article","og_title":"HN Security - Multiple vulnerabilities in RIOT OS -","og_description":"Coordinated disclosure writeup about multiple vulnerabilities in RIOT OS (CVE-2024-31225, CVE-2024-32017, CVE-2024-32018, and more).","og_url":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/","og_site_name":"HN Security","article_published_time":"2024-05-07T07:28:05+00:00","article_modified_time":"2025-10-21T09:12:47+00:00","og_image":[{"width":1600,"height":836,"url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RIOT-OS.jpg","type":"image\/jpeg"}],"author":"Marco Ivaldi","twitter_card":"summary_large_image","twitter_creator":"@hnsec","twitter_site":"@hnsec","twitter_misc":{"Scritto da":"Marco Ivaldi","Tempo di lettura stimato":"4 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/#article","isPartOf":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/"},"author":{"name":"Marco Ivaldi","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/person\/89a4174c275f05d6148fb0fdedc8de4f"},"headline":"Multiple vulnerabilities in RIOT OS","datePublished":"2024-05-07T07:28:05+00:00","dateModified":"2025-10-21T09:12:47+00:00","mainEntityOfPage":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/"},"wordCount":714,"publisher":{"@id":"https:\/\/hnsecurity.it\/it\/#organization"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/#primaryimage"},"thumbnailUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RIOT-OS.jpg","keywords":["vulnerability research","c\/c++","code review","iot","riot","advisory"],"articleSection":["Vulnerabilities"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/","url":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/","name":"HN Security - Multiple vulnerabilities in RIOT OS -","isPartOf":{"@id":"https:\/\/hnsecurity.it\/it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/#primaryimage"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/#primaryimage"},"thumbnailUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RIOT-OS.jpg","datePublished":"2024-05-07T07:28:05+00:00","dateModified":"2025-10-21T09:12:47+00:00","description":"Coordinated disclosure writeup about multiple vulnerabilities in RIOT OS (CVE-2024-31225, CVE-2024-32017, CVE-2024-32018, and more).","breadcrumb":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/#primaryimage","url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RIOT-OS.jpg","contentUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RIOT-OS.jpg","width":1600,"height":836,"caption":"Riot logo"},{"@type":"BreadcrumbList","@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-riot-os\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hnsecurity.it\/it\/"},{"@type":"ListItem","position":2,"name":"Multiple vulnerabilities in RIOT OS"}]},{"@type":"WebSite","@id":"https:\/\/hnsecurity.it\/it\/#website","url":"https:\/\/hnsecurity.it\/it\/","name":"HN Security","description":"Offensive Security Specialists","publisher":{"@id":"https:\/\/hnsecurity.it\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hnsecurity.it\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/hnsecurity.it\/it\/#organization","name":"HN Security","url":"https:\/\/hnsecurity.it\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/logo\/image\/","url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2026\/01\/hn-libellula.jpg","contentUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2026\/01\/hn-libellula.jpg","width":696,"height":696,"caption":"HN Security"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/hnsec","https:\/\/www.linkedin.com\/company\/hnsecurity\/","https:\/\/github.com\/hnsecurity","https:\/\/infosec.exchange\/@hnsec"]},{"@type":"Person","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/person\/89a4174c275f05d6148fb0fdedc8de4f","name":"Marco Ivaldi","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","caption":"Marco Ivaldi"},"url":"https:\/\/hnsecurity.it\/it\/blog\/author\/marco-ivaldi\/"}]}},"jetpack_featured_media_url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RIOT-OS.jpg","_links":{"self":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/3234","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/comments?post=3234"}],"version-history":[{"count":4,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/3234\/revisions"}],"predecessor-version":[{"id":160925,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/3234\/revisions\/160925"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/media\/159947"}],"wp:attachment":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/media?parent=3234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/categories?post=3234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/tags?post=3234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}