RTKLIB 2.4.3 – Out-of-bounds Read via Negative Array Index in...

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Description

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.

Basic Information

ID CVE-2026-56788

Source VulnCheck

Published Jun 25, 2026 at 18:13

Affected Product

Vendor tomojitakasu

Product RTKLIB

Affected Versions tomojitakasu RTKLIB 0

CWE Classification

CWE-125

References

{
    "lastseen": "",
    "description": "RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.",
    "published": "2026-06-25T18:13:15.671Z",
    "modified": "2026-06-25T18:13:15.671Z",
    "type": "cve",
    "title": "RTKLIB 2.4.3 - Out-of-bounds Read via Negative Array Index in getcodepri",
    "source": "VulnCheck",
    "references": "https://github.com/tomojitakasu/RTKLIB/issues/797\nhttps://www.vulncheck.com/advisories/rtklib-out-of-bounds-read-via-negative-array-index-in-getcodepri",
    "id": "CVE-2026-56788",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125"
    ],
    "cvelist": null,
    "sourceData": "tomojitakasu RTKLIB 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RTKLIB",
    "version": "0",
    "vendor": "tomojitakasu",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

RTKLIB 2.4.3 – Out-of-bounds Read via Negative Array Index in getcodepri_CVE-2026-56788