CVE-2026-22212
Unknown Unknown - Not Provided
Stack-Based Buffer Overflow in TinyOS mcp2200gpio Utility

Publication date: 2026-01-12

Last updated on: 2026-01-12

Assigner: VulnCheck

Description
TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery. A local attacker can exploit this by creating specially crafted filenames under /dev/usb/, leading to stack memory corruption and application crashes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-12
Last Modified
2026-01-12
Generated
2026-06-16
AI Q&A
2026-01-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22212
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tinyos tinyos to 2.1.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-22212 is a stack-based buffer overflow vulnerability in the mcp2200gpio utility of TinyOS versions up to 2.1.2. It occurs because the program uses unsafe string functions strcpy() and strcat() without proper bounds checking when constructing device paths during automatic device discovery. Specifically, attacker-controlled filenames under the /dev/usb/ directory can be crafted to overflow a fixed-size stack buffer, leading to stack memory corruption and application crashes. [1, 2]

Impact Analysis

This vulnerability can lead to stack memory corruption and cause the mcp2200gpio application to crash, resulting in denial of service. In non-hardened builds, it may also allow a local attacker to execute arbitrary code by overwriting adjacent stack variables, potentially compromising the affected system. [1, 2]

Detection Guidance

This vulnerability can be detected by checking for the presence of the mcp2200gpio utility on TinyOS versions up to 2.1.2 and by looking for suspicious or unusually long filenames under the /dev/usb/ directory that could trigger the stack-based buffer overflow. A proof of concept involves creating a directory /dev/usb and a file with a long name (e.g., 246 'A' characters) inside it, then running mcp2200gpio with specific parameters to trigger the overflow. To detect potential exploitation or test the vulnerability, you can list files in /dev/usb/ with commands like `ls -l /dev/usb/` and check for abnormally long filenames. Additionally, running mcp2200gpio and monitoring for crashes or AddressSanitizer reports can help detect the issue. However, no specific detection commands are provided in the resources. [2]

Mitigation Strategies

Immediate mitigation steps include avoiding running the vulnerable mcp2200gpio utility on affected TinyOS versions (up to 2.1.2), especially with untrusted or attacker-controlled device paths under /dev/usb/. Removing or restricting access to /dev/usb/ to prevent creation of specially crafted filenames can reduce risk. Applying patches or upgrading to a TinyOS version where this vulnerability is fixed is recommended once available. Since the vulnerability requires local access and low privileges, limiting local user permissions and monitoring for suspicious activity can also help mitigate exploitation. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22212. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart