CVE-2026-56789 | RTKLIB through 2.4.3 contains a heap buffer overflow vulnera… | CVSS 6.5 MEDIUM

Description

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64 satellites per epoch to cause heap buffer overflow writes and out-of-bounds stack reads, crashing RTKLIB-based applications including rnx2rtkp and RTKPOST.

Metadata

CVE ID: CVE-2026-56789
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-23 01:24 UTC
Published: 2026-06-25 18:14 UTC
Last updated: 2026-06-25 18:26 UTC
Primary CWE: CWE-122
Heap-based Buffer Overflow
Vendor / Product: tomojitakasu / RTKLIB
Sources: cve.org · NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
tomojitakasu	RTKLIB	—	0 ≤ 2.4.3

Weakness (CWE)

CWE	Source	Description
CWE-122	cna	Heap-based Buffer Overflow

CVSS scores (2)

Score	Severity	Version	Source	Vector
7.1	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.5	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References (2)