#1140766 rtklib: CVE-2026-56786 CVE-2026-56787 CVE-2026-56788 CVE-2026-56789

Package:
src:rtklib
Source:
src:rtklib
Submitter:
Salvatore Bonaccorso
Date:
2026-06-26 04:13:02 UTC
Severity:
normal
Tags:
#1140766#5
Date:
2026-06-26 04:11:17 UTC
From:
To:
Hi,

The following vulnerabilities were published for rtklib.

CVE-2026-56786[0]:
| RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability
| in decode_type1033 function that fails to clamp length counters to
| destination buffer size, allowing up to 191-byte overflow into fixed
| 64-byte descriptor fields. An attacker controlling an NTRIP or
| serial RTCM3 correction stream can craft a valid CRC-bearing
| type-1033 message to corrupt adjacent rtcm_t object members,
| potentially achieving arbitrary code execution or denial of service.


CVE-2026-56787[1]:
| RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read
| vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that
| allows remote attackers to trigger a global buffer overflow via
| crafted RTCM3 SSR messages with attacker-controlled signal mode
| fields. Remote attackers can exploit this vulnerability by sending
| malicious SSR correction streams over NTRIP or serial connections to
| cause denial of service or crash RTKLIB rovers and CORS servers.


CVE-2026-56788[2]:
| RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in
| getcodepri function when processing unrecognized RINEX observation
| codes, allowing attackers to trigger denial of service. Crafted
| RINEX files with unknown observation types cause negative array
| indexing into the codepris table, resulting in reliable crashes and
| potential memory disclosure of adjacent global data.


CVE-2026-56789[3]:
| RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability
| in the readrnxobsb function in src/rinex.c that allows attackers to
| trigger memory corruption by failing to clamp satellite count values
| from RINEX epoch headers. Attackers can craft malicious RINEX files
| declaring more than 64 satellites per epoch to cause heap buffer
| overflow writes and out-of-bounds stack reads, crashing RTKLIB-based
| applications including rnx2rtkp and RTKPOST.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-56786
https://www.cve.org/CVERecord?id=CVE-2026-56786
[1] https://security-tracker.debian.org/tracker/CVE-2026-56787
https://www.cve.org/CVERecord?id=CVE-2026-56787
[2] https://security-tracker.debian.org/tracker/CVE-2026-56788
https://www.cve.org/CVERecord?id=CVE-2026-56788
[3] https://security-tracker.debian.org/tracker/CVE-2026-56789
https://www.cve.org/CVERecord?id=CVE-2026-56789

Regards,
Salvatore