CVE-2025-34450
merbanan/rtl_433 <= 25.02 Stack-based Buffer Overflow
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.
| CWE | CWE-121 |
| Vendor | merbanan |
| Product | rtl_433 |
| Published | Dec 18, 2025 |
| Last Updated | Mar 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for merbanan rtl_433
Be the first to know when new unknown vulnerabilities affecting merbanan rtl_433 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
merbanan / rtl_433
0 โค 25.02
References
github.com: https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-004-rtl_433-rfraw-parse-overflow.md github.com: https://github.com/merbanan/rtl_433/issues/3375 github.com: https://github.com/dd32/rtl_433/commit/25e47f8 vulncheck.com: https://www.vulncheck.com/advisories/merbanan-rtl-433-stack-based-buffer-overflow
Credits
Vlatko Kosturjak with Marlink Cyber