PatchSiren

TinyOS CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM TinyOS CVE published 2026-01-12

CVE-2026-22212

A stack-based buffer overflow vulnerability exists in TinyOS versions up to and including 2.1.2 within the mcp2200gpio utility. This issue arises from the unsafe use of strcpy() and strcat() functions during automatic device discovery, allowing a local attacker to create specially crafted filenames under /dev/usb/ that lead to stack memory corruption and application crashes.