CVE-2026-56787 | RTKLIB through 2.4.3 contains an off-by-one out-of-bounds re… | CVSS 6.5 MEDIUM

Description

RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause denial of service or crash RTKLIB rovers and CORS servers.

Metadata

CVE ID: CVE-2026-56787
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-23 01:24 UTC
Published: 2026-06-25 18:12 UTC
Last updated: 2026-06-25 18:27 UTC
Primary CWE: CWE-193
Off-by-one Error
Vendor / Product: tomojitakasu / RTKLIB
Sources: cve.org · NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
tomojitakasu	RTKLIB	—	0 ≤ 2.4.3

Weakness (CWE)

CWE	Source	Description
CWE-193	cna	Off-by-one Error

CVSS scores (2)

Score	Severity	Version	Source	Vector
6.9	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
6.5	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

References (2)