Skip to main content

RTKLIB CVE-2026-56789

| EUVDEUVD-2026-39531 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-06-25 VulnCheck GHSA-3fqf-8h5x-pq8x
7.1
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Attacker-supplied file but victim must open it (UI:R); no auth to craft (PR:N); impact is crash only, so C:N/I:N/A:H with unchanged scope.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 25, 2026 - 18:50 vuln.today

DescriptionCVE.org

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64 satellites per epoch to cause heap buffer overflow writes and out-of-bounds stack reads, crashing RTKLIB-based applications including rnx2rtkp and RTKPOST.

AnalysisAI

Denial-of-service memory corruption in RTKLIB through version 2.4.3 lets an attacker crash GNSS post-processing applications such as rnx2rtkp and RTKPOST by supplying a malicious RINEX observation file. The readrnxobsb function in src/rinex.c fails to clamp the satellite-count value read from RINEX epoch headers, so a file declaring more than 64 satellites per epoch triggers a heap buffer overflow write and out-of-bounds stack reads. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious RINEX file (>64 sats/epoch)
Delivery
Deliver file to victim or pipeline
Exploit
Victim opens file in rnx2rtkp/RTKPOST
Execution
readrnxobsb skips satellite-count clamp
Persist
Heap overflow write and OOB stack read
Impact
Application crash / denial of service

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to open or process an attacker-crafted RINEX observation file (UI:P - passive user interaction is mandatory; this is not a remotely triggerable network service). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are consistent and point to a real but bounded (denial-of-service) risk rather than a critical RCE. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a RINEX observation file whose epoch header declares more than 64 satellites and delivers it to a victim (for example via a shared dataset, email, or a download in an automated processing pipeline). When the victim opens or batch-processes the file with rnx2rtkp or RTKPOST, readrnxobsb overflows the heap buffer and performs out-of-bounds reads, crashing the application. …
Remediation No vendor-released patch version is identified at time of analysis; the upstream reference (https://github.com/tomojitakasu/RTKLIB/issues/796) is an issue report rather than a tagged release or merged fix commit, so monitor that issue and the RTKLIB repository for a patched build and upgrade as soon as one is published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all RTKLIB deployments running version 2.4.3 or earlier and assess their operational criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-56789 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy