Description
A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read_ of the file src/fe.c. This manipulation with the input 1 causes an out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-03-12
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

rxi fe's read_ function in src/fe.c performs an out-of-bounds read when processing a special length-1 input, allowing a local attacker to read memory beyond the intended buffer. This results in Information Disclosure (CWE-119 and CWE-125) and is rated medium severity with a CVSS score of 4.8.

Affected Systems

The vulnerability affects the rxi:fe project, impacting all releases up to commit ed4cda96bd582cbb08520964ba627efb40f3dd91. Because the project follows a rolling-release model, specific version numbers are not published; any build released before the fix is potentially vulnerable.

Risk and Exploitability

The exploit requires local access and has been publicly disclosed, but its EPSS score is below 1% and it is not listed in CISA’s KEV catalog, indicating a low likelihood of widespread exploitation. A local attacker could trigger the out-of-bounds read to obtain sensitive data, but the vulnerability does not provide a path to remote code execution.

Generated by OpenCVE AI on March 18, 2026 at 15:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest commit or update rxi fe to a version that includes the fix (e.g., fetch the latest source from GitHub).
  • If an update is not yet available, restrict the processing of untrusted input or run the program in a restricted environment to prevent malicious inputs.
  • Monitor the rxi fe repository and issue tracker for announced fixes and apply them as soon as possible.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Rxi; Rxi fe
Vendors & Products | | Rxi; Rxi fe

Thu, 12 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 07:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read_ of the file src/fe.c. This manipulation with the input 1 causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
Title | | rxi fe fe.c read_ out-of-bounds
Weaknesses | | CWE-119; CWE-125
References | |
Metrics | | cvssV2_0: {'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-12T15:02:42.185Z

Reserved: 2026-03-11T19:05:43.939Z

Link: CVE-2026-4012

Vulnrichment

Updated: 2026-03-12T15:02:36.526Z

NVD

Status: Deferred

Published: 2026-03-12T08:16:11.593

Modified: 2026-04-22T21:30:26.497

Link: CVE-2026-4012

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:50:00Z
