CVE-2026-22211
Severity: MEDIUM
TinyOS <= 2.1.2 - Global Buffer Overflow in printfUART Formatted Output
Title source: llmDescription
TinyOS versions up to and including 2.1.2 contain a global buffer overflow vulnerability in the printfUART formatted output implementation used within the ZigBee / IEEE 802.15.4 networking stack. The implementation formats output into a fixed-size global buffer (debugbuf) and concatenates strings for %s format specifiers using strcat() without verifying the remaining buffer capacity. When printfUART is invoked with a caller-controlled string longer than the available space, the unbounded sprintf/strcat sequence writes past the end of debugbuf, resulting in global memory corruption. This can cause denial of service, unintended behavior, or information disclosure via corrupted adjacent global state or UART output.
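The defect described above is the classic pattern of building a message into a fixed global buffer with sprintf/strcat and never tracking how much room is left. The following C program is an added illustration written for this page, not TinyOS code: it shows a small %s/%d formatter that appends every piece through a capacity-tracking bounded_strcat, so an oversized %s argument is truncated instead of running past the buffer. The names safe_printfUART, bounded_strcat, overflow_attempt and the 64-byte DEBUGBUF_SIZE are assumptions for the example; the real TinyOS buffer size and internal function names are not given in the advisory. A canary placed directly after the buffer inside one struct makes any overrun observable.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer size; the real TinyOS debugbuf size is not stated in the advisory. */
#define DEBUGBUF_SIZE 64

/* Global output buffer with a canary placed directly after it inside one
 * struct, so any write past the end of debugbuf shows up as a changed canary. */
static struct {
    char debugbuf[DEBUGBUF_SIZE];
    char canary[8];
} g = { "", "CANARY!" };

/* Append src to dst (total capacity cap, including the NUL) without ever
 * writing at or beyond dst + cap.  Returns how many characters of src were
 * dropped by truncation (0 when everything fit). */
size_t bounded_strcat(char *dst, size_t cap, const char *src) {
    size_t used = 0;
    size_t n = strlen(src);
    while (used < cap && dst[used] != '\0') used++;
    if (used >= cap) {             /* dst not terminated inside cap: repair, accept nothing */
        if (cap) dst[cap - 1] = '\0';
        return n;
    }
    size_t room = cap - used - 1;  /* bytes left before the terminator */
    size_t copy = n < room ? n : room;
    memcpy(dst + used, src, copy);
    dst[used + copy] = '\0';
    return n - copy;
}

/* Minimal printf-style formatter for %s, %d and %% (a hypothetical stand-in for
 * the unbounded sprintf/strcat sequence).  Every piece passes through
 * bounded_strcat, so the result can never exceed DEBUGBUF_SIZE - 1 characters.
 * Returns the total number of characters dropped. */
size_t safe_printfUART(const char *fmt, ...) {
    va_list ap;
    size_t dropped = 0;
    char piece[16];
    va_start(ap, fmt);
    g.debugbuf[0] = '\0';
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') {
            piece[0] = *p; piece[1] = '\0';
        } else if (p[1] == 's') {
            const char *s = va_arg(ap, const char *);
            dropped += bounded_strcat(g.debugbuf, DEBUGBUF_SIZE, s ? s : "(null)");
            p++;
            continue;
        } else if (p[1] == 'd') {
            snprintf(piece, sizeof piece, "%d", va_arg(ap, int));
            p++;
        } else if (p[1] == '%') {
            piece[0] = '%'; piece[1] = '\0';
            p++;
        } else {
            /* Unknown or trailing specifier: emit the '%' literally, consume no argument. */
            piece[0] = '%'; piece[1] = '\0';
        }
        dropped += bounded_strcat(g.debugbuf, DEBUGBUF_SIZE, piece);
    }
    va_end(ap);
    return dropped;
}

const char *debug_output(void) { return g.debugbuf; }

/* 1 if the canary after debugbuf is untouched. */
int canary_intact(void) { return strcmp(g.canary, "CANARY!") == 0; }

/* Format a constructed string of len 'A's (len < 256) through %s and report
 * how many were dropped; shows that an oversized argument is truncated. */
size_t overflow_attempt(size_t len) {
    char big[256];
    if (len >= sizeof big) len = sizeof big - 1;
    memset(big, 'A', len);
    big[len] = '\0';
    return safe_printfUART("%s", big);
}

int main(void) {
    size_t d = safe_printfUART("node %d: %s", 7, "joined");
    printf("[%s] dropped=%zu\n", debug_output(), d);
    d = overflow_attempt(100);
    printf("[%s] dropped=%zu canary_intact=%d\n", debug_output(), d, canary_intact());
    return 0;
}
```

The key design point is that capacity is measured on every append from the buffer's current length, not assumed from the format string, so any number of %s arguments of any length stays inside debugbuf; the return value lets the caller notice that output was truncated rather than silently losing the tail.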
References (3)
Mailing List (technical-description, exploit): https://seclists.org/fulldisclosure/2026/Jan/14
Various Sources (product): https://github.com/tinyos/tinyos-main
Third Party Advisory (third-party-advisory): https://www.vulncheck.com/advisories/tinyos-global-buffer-overflow-in-printfuart
Scores
CVSS v4
5.1
EPSS
0.0016
EPSS Percentile
5.4%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-787
Status
published
Products (1)
TinyOS/TinyOS
< 2.1.2
Published
Jan 14, 2026
Tracked Since
Feb 18, 2026