{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22212", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-06T16:47:17.187Z", "datePublished": "2026-01-12T23:02:45.973Z", "dateUpdated": "2026-01-13T19:06:27.766Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "TinyOS", "repo": "https://github.com/tinyos/tinyos-main", "vendor": "TinyOS", "versions": [{"lessThanOrEqual": "2.1.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Ron Edgerson"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery. A local attacker can exploit this by creating specially crafted filenames under /dev/usb/, leading to stack memory corruption and application crashes."}], "value": "TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery. A local attacker can exploit this by creating specially crafted filenames under /dev/usb/, leading to stack memory corruption and application crashes."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 4.8, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-01-12T23:02:45.973Z"}, "references": [{"tags": ["technical-description", "exploit"], "url": "https://seclists.org/fulldisclosure/2026/Jan/14"}, {"tags": ["product"], "url": "https://github.com/tinyos/tinyos-main"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/tinyos-stack-based-buffer-overflow-in-mcp2200gpio"}], "source": {"discovery": "UNKNOWN"}, "title": "TinyOS <= 2.1.2 Stack-Based Buffer Overflow in mcp2200gpio", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-13T19:06:12.050843Z", "id": "CVE-2026-22212", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T19:06:27.766Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22212", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-13T19:06:12.050843Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T19:06:23.122Z"}}], "cna": {"title": "TinyOS <= 2.1.2 Stack-Based Buffer Overflow in mcp2200gpio", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Ron Edgerson"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/tinyos/tinyos-main", "vendor": "TinyOS", "product": "TinyOS", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.1.2"}], "defaultStatus": "unknown"}], "references": [{"url": "https://seclists.org/fulldisclosure/2026/Jan/14", "tags": ["technical-description", "exploit"]}, {"url": "https://github.com/tinyos/tinyos-main", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/tinyos-stack-based-buffer-overflow-in-mcp2200gpio", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery. A local attacker can exploit this by creating specially crafted filenames under /dev/usb/, leading to stack memory corruption and application crashes.", "supportingMedia": [{"type": "text/html", "value": "TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery. A local attacker can exploit this by creating specially crafted filenames under /dev/usb/, leading to stack memory corruption and application crashes.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-01-12T23:02:45.973Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22212", "state": "PUBLISHED", "dateUpdated": "2026-01-13T19:06:27.766Z", "dateReserved": "2026-01-06T16:47:17.187Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-01-12T23:02:45.973Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery. A local attacker can exploit this by creating specially crafted filenames under /dev/usb/, leading to stack memory corruption and application crashes."}, {"lang": "es", "value": "Las versiones de TinyOS hasta la 2.1.2 inclusive contienen una vulnerabilidad de desbordamiento de b\u00fafer basado en pila en la utilidad mcp2200gpio. La vulnerabilidad es causada por el uso inseguro de las funciones strcpy() y strcat() al construir rutas de dispositivos durante el descubrimiento autom\u00e1tico de dispositivos. Un atacante local puede explotar esto creando nombres de archivo especialmente manipulados bajo /dev/usb/, lo que lleva a corrupci\u00f3n de memoria de pila y ca\u00eddas de la aplicaci\u00f3n."}], "id": "CVE-2026-22212", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-01-12T23:15:52.140", "references": [{"source": "disclosure@vulncheck.com", "url": "https://github.com/tinyos/tinyos-main"}, {"source": "disclosure@vulncheck.com", "url": "https://seclists.org/fulldisclosure/2026/Jan/14"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/tinyos-stack-based-buffer-overflow-in-mcp2200gpio"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T16:26:22.756843+00:00", "value": {"mitigation_remediation": ["Upgrade TinyOS to a version later than 2.1.2 to remove the unsafe string operations in mcp2200gpio.", "If an upgrade is not feasible, restrict write permissions to /dev/usb/ so that only trusted users can create device path files.", "Disable automatic device discovery in mcp2200gpio or configure it to ignore /dev/usb/ directories to prevent the overflow from being triggered."], "summary": {"action": "Patch Now", "impact": "Denial of Service via stack buffer overflow"}, "threat_synthesis": {"affected_systems": "The affected product is TinyOS, specifically all releases up to and including 2.1.2. Devices running these versions that perform automatic device discovery and allow writing under /dev/usb/ could be affected.", "description_and_impact": "A stack-based buffer overflow in TinyOS 2.1.2 and earlier arises from unsafe use of strcpy() and strcat() when constructing device paths during automatic discovery. A local attacker who can create specially crafted filenames under /dev/usb/ can trigger stack memory corruption, leading to application crashes. The vulnerability is a classic stack overflow (CWE\u2011121).", "risk_and_exploitability": "The CVSS score of 4.8 indicates moderate severity. EPSS indicates a very low probability of exploitation (<1%). The vulnerability is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog. Exploitation requires local file system access, so the attack vector is local (the attacker must be able to create files under /dev/usb/). The impact is denial of service due to stack memory corruption and application crashes."}}}}, "created": "2026-01-13T09:27:19.595391+00:00", "updated": "2026-04-18T16:30:05.086610+00:00", "vendors": ["tinyos", "tinyos$PRODUCT$tinyos"]}