Impact
RTKLIB through version 2.4.3 contains an out-of-bounds read vulnerability in the getcodepri function when handling unrecognised RINEX observation codes. The negative array indexing into the codepris table triggers a reliable crash and may expose adjacent global data, enabling a denial-of-service condition and, in some scenarios, local memory disclosure. This flaw is a classic example of CWE‑125, where an application reads memory outside the bounds of a buffer it owns.
Affected Systems
The affected product is RTKLIB version 2.4.3 developed by tomojitakasu. No other product or version information is listed. Systems that execute RTKLIB and process RINEX observation files, especially those that import unknown observation types, are vulnerable.
Risk and Exploitability
The CVSS score of 4.8 indicates moderate severity. EPSS is not available, and the vulnerability is not listed in CISA KEV, suggesting it is not a known actively exploited issue. Based on the description, the likely attack vector is supplying a crafted RINEX observation file to a running instance of RTKLIB, which could be local or remote if the program accepts files over a network. The exploit requires only the ability to feed a malicious RINEX file to the vulnerable process, resulting in a predictable crash or partial memory disclosure.
OpenCVE Enrichment