MEDIUM
TinyOS
CVE published 2026-01-12
CVE-2026-22212
A stack-based buffer overflow vulnerability exists in TinyOS versions up to and including 2.1.2 within the mcp2200gpio utility. This issue arises from the unsafe use of strcpy() and strcat() functions during automatic device discovery, allowing a local attacker to create specially crafted filenames under /dev/usb/ that lead to stack memory corruption and application crashes.