Skip to main content

Rauc

2 CVEs product

Monthly

CVE-2026-34155 HIGH PATCH This Week

Integer overflow in RAUC versions prior to 1.15.2 allows signature bypass on 'plain' format bundles exceeding 2 GiB payload size, enabling attackers with bundle modification capability to alter unverified payload portions while retaining a valid signature. This affects embedded Linux systems relying on RAUC for secure firmware updates.

Buffer Overflow Rauc
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2020-25860 MEDIUM POC This Month

The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Rauc
NVD GitHub
CVSS 3.1
6.6
EPSS
1.4%
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Integer overflow in RAUC versions prior to 1.15.2 allows signature bypass on 'plain' format bundles exceeding 2 GiB payload size, enabling attackers with bundle modification capability to alter unverified payload portions while retaining a valid signature. This affects embedded Linux systems relying on RAUC for secure firmware updates.

Buffer Overflow Rauc
NVD GitHub VulDB
EPSS 1% CVSS 6.6
MEDIUM POC This Month

The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Rauc
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy