CVE-2026-56787

Name: CVE-2026-56787
Description: RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause denial of service or crash RTKLIB rovers and CORS servers.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1140766

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| rtklib (PTS) | bullseye | 2.4.3+dfsg1-2.1 | vulnerable |
| | forky, sid, bookworm, trixie | 2.4.3.b34+dfsg-1 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| rtklib | source | (unstable) | (unfixed) | | | 1140766 |

Notes

https://github.com/tomojitakasu/RTKLIB/issues/798
