
RTKLIB EUVD-2026-39530

CVE-2026-56788 MEDIUM
Out-of-bounds Read (CWE-125)
2026-06-25 VulnCheck GHSA-m65p-fp8q-q43h
4.8 (CVSS 4.0 · Vendor: VulnCheck)

Severity by source

Vendor (VulnCheck), primary: 4.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI: 4.4 MEDIUM

Local file processing with mandatory user interaction, no privileges required, low confidentiality from adjacent memory read, low availability from reliable crash, no integrity impact.

CVSS 3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVSS 4.0: AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS Vector (Vendor: VulnCheck)

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: P
Scope: X

Lifecycle Timeline

Analysis Generated: Jun 25, 2026 - 18:57 (vuln.today)

Description (CVE.org)

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in the getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.
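A simplified model of the bug class the description names, added here as an illustration and not taken from RTKLIB's source: a lookup that indexes a priority table with `freq - 1`, shown unchecked and with the bounds check a fix would need. Only the names `getcodepri` and `codepris` come from the advisory; the table contents, the helper `code_to_obs`, the priority formula and the assumption that an unrecognized code maps to frequency 0 are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in tables (assumption; not RTKLIB's data). Index 0 = unrecognized. */
#define NFREQ_TAB 3
static const char *obs_names[] = {"", "1C", "1W", "2L", "5Q", "1X"};
static const int obs_freq[] = {0, 1, 1, 2, 3, 1};      /* 1-based frequency, 0 = none */
static const char *codepris[NFREQ_TAB] = {"CW", "L", "Q"}; /* best attribute first */
#define NCODES (sizeof(obs_names) / sizeof(obs_names[0]))

/* Hypothetical helper: unknown codes yield "" and frequency 0. */
const char *code_to_obs(unsigned code, int *freq) {
    if (code == 0 || code >= NCODES) { *freq = 0; return ""; }
    *freq = obs_freq[code];
    return obs_names[code];
}

/* Unchecked pattern: freq == 0 reads codepris[-1] and obs[1] past "".
   Shown for comparison only; never called in this example. */
int getcodepri_unchecked(unsigned code) {
    int freq;
    const char *obs = code_to_obs(code, &freq);
    const char *row = codepris[freq - 1];
    const char *p = strchr(row, obs[1]);
    return p ? 14 - (int)(p - row) : 0;
}

/* Hardened pattern: validate the index and the name before touching the table. */
int getcodepri_checked(unsigned code) {
    int freq;
    const char *obs = code_to_obs(code, &freq);
    if (freq < 1 || freq > NFREQ_TAB || obs[0] == '\0' || obs[1] == '\0')
        return 0; /* unrecognized code: lowest priority, no table access */
    const char *row = codepris[freq - 1];
    const char *p = strchr(row, obs[1]);
    return p ? 14 - (int)(p - row) : 0;
}

int main(void) {
    for (unsigned code = 0; code <= NCODES; code++)
        printf("code %u -> priority %d\n", code, getcodepri_checked(code));
    return 0;
}
```

The `obs[1] == '\0'` guard also matters on its own: `strchr` matches the terminator when asked for `'\0'`, which would otherwise turn a short name into a bogus non-zero priority.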

Analysis (AI)

Out-of-bounds read in RTKLIB through 2.4.3 exposes users to denial of service and potential memory disclosure when processing maliciously crafted RINEX observation files. The getcodepri function fails to validate unrecognized observation codes, performing negative array indexing into the codepris table - producing reliable crashes and leaking adjacent global data segments. …


Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Craft RINEX file with unknown observation codes
  • Delivery: Deliver file to target system or upload to processing pipeline
  • Exploit: User or automation triggers RTKLIB processing
  • Execution: getcodepri encounters unrecognized code
  • Persist: Negative array index into codepris table
  • Impact: Out-of-bounds read causes crash (DoS) or leaks adjacent global memory

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that a user or automated process actively open or pass a crafted RINEX file to an RTKLIB-linked application - confirmed by UI:P in the CVSS 4.0 vector, meaning passive user interaction (e.g., opening a file or triggering a processing pipeline) is mandatory. …

Risk Assessment: The CVSS 4.0 base score of 4.8 reflects a moderate-severity local vulnerability with user interaction required (AV:L/UI:P). …

Exploit Scenario: An attacker crafts a RINEX observation file containing deliberately unrecognized observation type codes and delivers it to a target environment where RTKLIB processes external RINEX data - such as an RTK positioning service ingesting uploaded survey files or an automated geodetic pipeline. When the file is processed, getcodepri computes a negative array index into codepris, triggering an out-of-bounds read that crashes the application and may disclose adjacent global memory contents to the attacker. …

Remediation: No vendor-released patch has been identified at time of analysis - the upstream fix reference points to a GitHub issue (#797) rather than a tagged release, so a released patched version is not independently confirmed. …
