RTKLIB 2.4.3 - Out-of-bounds Read via Negative Array Index in getcodepri
Summary
| CVE | CVE-2026-56788 |
|---|---|
| State | PUBLISHED |
| Assigner | VulnCheck |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-25 19:16:45 UTC |
| Updated | 2026-07-14 22:17:22 UTC |
| Description | RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data. |
Risk And Classification
Primary CVSS: v4.0 4.8 MEDIUM from [email protected]
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.001190000 probability, percentile 0.021100000 (date 2026-07-16)
Problem Types: CWE-125 | CWE-125 Out-of-bounds Read
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 4.8 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 4.8 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N |
| 3.1 | [email protected] | Primary | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
| 3.1 | [email protected] | Secondary | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L |
| 3.1 | CNA | CVSS | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L |
CVSS v4.0 Breakdown
Attack Vector
LocalAttack Complexity
LowAttack Requirements
NonePrivileges Required
NoneUser Interaction
PassiveConfidentiality
LowIntegrity
NoneAvailability
LowSub Conf.
NoneSub Integrity
NoneSub Availability
NoneCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
HighCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Tomojitakasu | RTKLIB | affected 2.4.3 semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/tomojitakasu/RTKLIB/issues/797 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | github.com | Exploit, Issue Tracking, Third Party Advisory |
| www.vulncheck.com/advisories/rtklib-out-of-bounds-read-via-negative-array-index... | [email protected] | www.vulncheck.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: FuzzingLabs (en)
There are currently no legacy QID mappings associated with this CVE.