Impact
RTKLIB versions through 2.4.3 are affected by an off‑by‑one out‑of‑bounds read in the decode_ssr3 function, which can trigger a global buffer overflow when an attacker provides carefully crafted RTCM3 SSR messages with controlled signal mode fields. This flaw can cause the RTKLIB rover or CORS server to crash, resulting in loss of availability for the host system or connected users.
Affected Systems
Vendors: tomojitakasu:RTKLIB. Products: RTKLIB 2.4.3 and all earlier releases. The vulnerability is triggered in the source file src/rtcm3.c at line 1446 when processing SSR messages over NTRIP or serial interfaces.
Risk and Exploitability
The CVSS score of 6.9 indicates a moderate severity. Because the EPSS score is not available and the vulnerability is not listed in CISA KEV, the documented exploitation likelihood remains uncertain but the ability to remotely supply malicious SSR streams makes the risk material. Attackers can exploit this remotely via NTRIP or serial connections, which are commonly used for real‑time correction streams; thus, the threat is that a remote attacker can cause a denial of service by crashing RTKLIB services.
OpenCVE Enrichment