CVE-2022-25051

NameCVE-2022-25051
DescriptionAn Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1008000

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
rtl-433 (PTS)bullseye20.11-1vulnerable
bookworm22.11-1fixed
sid, trixie24.10-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
rtl-433sourceexperimental21.12+git20220718+ds-1
rtl-433source(unstable)21.12+git20220718+ds-21008000

Notes

[bullseye] - rtl-433 <no-dsa> (Minor issue)
https://github.com/merbanan/rtl_433/commit/2dad7b9fc67a1d0bfbe520fbd821678b8f8cc7a8
https://github.com/merbanan/rtl_433/issues/1960
https://huntr.dev/bounties/78eee103-bd61-4b4f-b054-04ad996b39e7/

Search for package or bug name: Reporting problems