Description
RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.
Published: 2026-06-25
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

RTKLIB through version 2.4.3 contains an out-of-bounds read vulnerability in the getcodepri function when handling unrecognised RINEX observation codes. The negative array indexing into the codepris table triggers a reliable crash and may expose adjacent global data, enabling a denial-of-service condition and, in some scenarios, local memory disclosure. This flaw is a classic example of CWE‑125, where an application reads memory outside the bounds of a buffer it owns.

Affected Systems

The affected product is RTKLIB version 2.4.3 developed by tomojitakasu. No other product or version information is listed. Systems that execute RTKLIB and process RINEX observation files, especially those that import unknown observation types, are vulnerable.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity. EPSS is not available, and the vulnerability is not listed in CISA KEV, suggesting it is not a known actively exploited issue. Based on the description, the likely attack vector is supplying a crafted RINEX observation file to a running instance of RTKLIB, which could be local or remote if the program accepts files over a network. The exploit requires only the ability to feed a malicious RINEX file to the vulnerable process, resulting in a predictable crash or partial memory disclosure.

Generated by OpenCVE AI on June 25, 2026 at 19:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the vendor‑supplied update for RTKLIB 2.4.4 or later that corrects the negative index bug.
  • If an update is unavailable, restrict input to only recognised RINEX observation codes, rejecting files that contain unknown observation types.
  • Run RTKLIB in a sandboxed environment and monitor for crashes to prevent denial-of-service damage.

Generated by OpenCVE AI on June 25, 2026 at 19:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 27 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Tomojitakasu
Tomojitakasu rtklib
Vendors & Products Tomojitakasu
Tomojitakasu rtklib

Thu, 25 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.
Title RTKLIB 2.4.3 - Out-of-bounds Read via Negative Array Index in getcodepri
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N'}


Subscriptions

Tomojitakasu Rtklib
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-14T21:34:28.951Z

Reserved: 2026-06-23T01:24:27.651Z

Link: CVE-2026-56788

cve-icon Vulnrichment

Updated: 2026-06-27T02:20:29.784Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:36:33Z

Weaknesses