CVE-2026-56787 | THREATINT

Description

RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause denial of service or crash RTKLIB rovers and CORS servers.

PUBLISHED Reserved 2026-06-23 | Published 2026-06-25 | Updated 2026-06-25 | Assigner VulnCheck

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Problem types

Off-by-one Error

Product status

Default status

unaffected

Any version

affected

Credits

FuzzingLabs finder

References

github.com/tomojitakasu/RTKLIB/issues/798 (Researcher Disclosure) technical-description exploit

www.vulncheck.com/...ad-in-decode-ssr3-via-rtcm3-ssr-message third-party-advisory

cve.org (CVE-2026-56787)

nvd.nist.gov (CVE-2026-56787)

Download JSON