Impact
This vulnerability arises when RTKLIB processes RINEX observation files that declare more than 64 satellites in a single epoch. The readrnxobsb function does not clamp the provided count, leading to a heap buffer overflow and an adjacent stack read. An attacker can craft a malicious RINEX file to overwrite memory, leading to a crash or unpredictable behavior. The weakness is a classic heap buffer overflow (CWE‑122) that can result in denial of service.
Affected Systems
The flaw affects the RTKLIB package published by Tomojitakasu, specifically versions up to and including 2.4.3. Applications that use the rnx2rtkp or RTKPOST components are affected.
Risk and Exploitability
The vulnerability carries a CVSS score of 7.1, indicating moderate severity. The EPSS score is currently unavailable, and the flaw is not listed in the CISA KEV catalog. The attack requires access to a RINEX file fed to the vulnerable function, so a local attacker or an attacker able to supply a crafted file to the application can exploit it. The fact that the vulnerability leads to heap corruption makes it potentially exploitable for denial of service, but the lack of an available public exploit reduces the likelihood of widespread exploitation for now.
OpenCVE Enrichment