Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionGitHub Advisory
RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2.
AnalysisAI
Integer overflow in RAUC versions prior to 1.15.2 allows signature bypass on 'plain' format bundles exceeding 2 GiB payload size, enabling attackers with bundle modification capability to alter unverified payload portions while retaining a valid signature. This affects embedded Linux systems relying on RAUC for secure firmware updates.
Technical ContextAI
RAUC (Robust Auto-Update Controller) is a bundle-based system updater for embedded Linux systems that employs cryptographic signatures to ensure bundle integrity. The vulnerability stems from an integer overflow (CWE-196) in the signature calculation logic when processing 'plain' format bundles with payloads exceeding 2 GiB. The overflow causes the signature to cover only the first few bytes of the actual payload rather than the complete bundle, effectively invalidating the cryptographic guarantee. The affected product range includes all RAUC versions before 1.15.2 across all architectures and distributions, as identified by the CPE string cpe:2.3:a:rauc:rauc:*:*:*:*:*:*:*:*.
RemediationAI
Vendor-released patch: RAUC version 1.15.2 and later. Update immediately by upgrading to the patched release available at https://github.com/rauc/rauc/releases/tag/v1.15.2. For deployments unable to upgrade immediately, review bundle generation and distribution processes to ensure 'plain' format bundles remain below 2 GiB payload size as a temporary mitigation; however, this does not address the underlying vulnerability and full patching is strongly recommended. The upstream fix is documented in commit 4fb7c798d6ae412344fb8f8d310d773046af3441 at https://github.com/rauc/rauc/commit/4fb7c798d6ae412344fb8f8d310d773046af3441.
Same weakness CWE-196 – Unsigned to Signed Conversion Error
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17413