Description
Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2.
Published: 2026-01-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Potential memory corruption leading to arbitrary code execution
Action: Apply Patch
AI Analysis

Impact

Integer Overflow or Wraparound vulnerability allows a malicious actor to cause arithmetic overflow in critical code paths within IronOS. The error can corrupt memory or control data, which could lead to arbitrary code execution, privilege escalation or denial of service.

Affected Systems

Affected product is Ralim IronOS firmware version 2.22 and earlier, prior to the release of v2.23-rc2. Systems running these older firmware builds are exposed.

Risk and Exploitability

The CVSS score of 9.8 classifies this vulnerability as critical. An EPSS score of less than 1% indicates low but non‑zero exploitation likelihood, and the issue is not listed in the CISA KEV catalog. The description does not specify an attack vector; based on the nature of integer overflows in networking stacks, it is inferred that exploitation could occur via malformed packets or inputs that trigger wraparound, possibly from remote sources if the vulnerable interfaces are reachable.

Generated by OpenCVE AI on April 18, 2026 at 02:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade IronOS to version v2.23-rc2 or later to eliminate the integer overflow flaw.
  • If an upgrade cannot be performed immediately, isolate the device from untrusted networks and restrict access to the interfaces that process unvalidated input.
  • Deploy firewall rules or network segmentation to block or quarantine traffic that could exploit the vulnerable code paths until a patch is applied.

Generated by OpenCVE AI on April 18, 2026 at 02:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://github.com/Ralim/IronOS/pull/2083 cve-icon cve-icon
History

Tue, 27 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Ralim
Ralim ironos
Vendors & Products Ralim
Ralim ironos

Tue, 27 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 09:45:00 +0000

Type Values Removed Values Added
Description Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2.
Title Integer Overflow or Wraparound in IronOS
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ralim Ironos
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-27T14:31:35.731Z

Reserved: 2026-01-27T08:59:05.366Z

Link: CVE-2026-24830

cve-icon Vulnrichment

Updated: 2026-01-27T14:30:22.559Z

cve-icon NVD

Status : Deferred

Published: 2026-01-27T10:15:50.053

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24830

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T02:15:05Z

Weaknesses