Skip to main content

Rauc CVE-2026-34155

| EUVDEUVD-2026-17413 HIGH
Unsigned to Signed Conversion Error (CWE-196)
2026-03-31 GitHub_M
7.2
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.2 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:10 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
1.15.2
EUVD ID Assigned
Mar 31, 2026 - 13:48 euvd
EUVD-2026-17413
Analysis Generated
Mar 31, 2026 - 13:48 vuln.today
CVE Published
Mar 31, 2026 - 13:28 nvd
HIGH 7.2

DescriptionGitHub Advisory

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2.

AnalysisAI

Integer overflow in RAUC versions prior to 1.15.2 allows signature bypass on 'plain' format bundles exceeding 2 GiB payload size, enabling attackers with bundle modification capability to alter unverified payload portions while retaining a valid signature. This affects embedded Linux systems relying on RAUC for secure firmware updates.

Technical ContextAI

RAUC (Robust Auto-Update Controller) is a bundle-based system updater for embedded Linux systems that employs cryptographic signatures to ensure bundle integrity. The vulnerability stems from an integer overflow (CWE-196) in the signature calculation logic when processing 'plain' format bundles with payloads exceeding 2 GiB. The overflow causes the signature to cover only the first few bytes of the actual payload rather than the complete bundle, effectively invalidating the cryptographic guarantee. The affected product range includes all RAUC versions before 1.15.2 across all architectures and distributions, as identified by the CPE string cpe:2.3:a:rauc:rauc:*:*:*:*:*:*:*:*.

RemediationAI

Vendor-released patch: RAUC version 1.15.2 and later. Update immediately by upgrading to the patched release available at https://github.com/rauc/rauc/releases/tag/v1.15.2. For deployments unable to upgrade immediately, review bundle generation and distribution processes to ensure 'plain' format bundles remain below 2 GiB payload size as a temporary mitigation; however, this does not address the underlying vulnerability and full patching is strongly recommended. The upstream fix is documented in commit 4fb7c798d6ae412344fb8f8d310d773046af3441 at https://github.com/rauc/rauc/commit/4fb7c798d6ae412344fb8f8d310d773046af3441.

Share

CVE-2026-34155 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy