CVE-2026-22212
Stack-Based Buffer Overflow in TinyOS mcp2200gpio Utility
Publication date: 2026-01-12
Last updated on: 2026-01-12
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tinyos | tinyos | to 2.1.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22212 is a stack-based buffer overflow vulnerability in the mcp2200gpio utility of TinyOS versions up to 2.1.2. It occurs because the program uses unsafe string functions strcpy() and strcat() without proper bounds checking when constructing device paths during automatic device discovery. Specifically, attacker-controlled filenames under the /dev/usb/ directory can be crafted to overflow a fixed-size stack buffer, leading to stack memory corruption and application crashes. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to stack memory corruption and cause the mcp2200gpio application to crash, resulting in denial of service. In non-hardened builds, it may also allow a local attacker to execute arbitrary code by overwriting adjacent stack variables, potentially compromising the affected system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the mcp2200gpio utility on TinyOS versions up to 2.1.2 and by looking for suspicious or unusually long filenames under the /dev/usb/ directory that could trigger the stack-based buffer overflow. A proof of concept involves creating a directory /dev/usb and a file with a long name (e.g., 246 'A' characters) inside it, then running mcp2200gpio with specific parameters to trigger the overflow. To detect potential exploitation or test the vulnerability, you can list files in /dev/usb/ with commands like `ls -l /dev/usb/` and check for abnormally long filenames. Additionally, running mcp2200gpio and monitoring for crashes or AddressSanitizer reports can help detect the issue. However, no specific detection commands are provided in the resources. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding running the vulnerable mcp2200gpio utility on affected TinyOS versions (up to 2.1.2), especially with untrusted or attacker-controlled device paths under /dev/usb/. Removing or restricting access to /dev/usb/ to prevent creation of specially crafted filenames can reduce risk. Applying patches or upgrading to a TinyOS version where this vulnerability is fixed is recommended once available. Since the vulnerability requires local access and low privileges, limiting local user permissions and monitoring for suspicious activity can also help mitigate exploitation. [1, 2]