CVE-2026-56787

MEDIUM 6.5

RTKLIB 2.4.3 - Off-by-One Out-of-Bounds Read in decode_ssr3 via RTCM3 SSR Message

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause denial of service or crash RTKLIB rovers and CORS servers.

CWE	CWE-193
Vendor	tomojitakasu
Product	rtklib
Published	Jun 25, 2026
Last Updated	Jun 25, 2026

Stay Ahead of the Next One

Get instant alerts for tomojitakasu rtklib

Be the first to know when new medium vulnerabilities affecting tomojitakasu rtklib are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

Affected Versions

tomojitakasu / RTKLIB

0 ≤ 2.4.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/tomojitakasu/RTKLIB/issues/798 vulncheck.com: https://www.vulncheck.com/advisories/rtklib-off-by-one-out-of-bounds-read-in-decode-ssr3-via-rtcm3-ssr-message

Credits

FuzzingLabs