CVE-2026-56788

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/tomojitakasu/RTKLIB/issues/797	Exploit Issue Tracking Third Party Advisory
https://www.vulncheck.com/advisories/rtklib-out-of-bounds-read-via-negative-array-index-in-getcodepri	Third Party Advisory
https://github.com/tomojitakasu/RTKLIB/issues/797	Exploit Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:rtklib:rtklib:*:*:*:*:*:*:*:*

History

27 Jun 2026, 04:17

Type	Values Removed	Values Added
References	~~() https://github.com/tomojitakasu/RTKLIB/issues/797 - Exploit, Issue Tracking, Third Party Advisory~~	() https://github.com/tomojitakasu/RTKLIB/issues/797 - Exploit, Issue Tracking, Third Party Advisory

26 Jun 2026, 16:53

Type	Values Removed	Values Added
CPE		cpe:2.3:a:rtklib:rtklib::::::::
References	~~() https://github.com/tomojitakasu/RTKLIB/issues/797 -~~	() https://github.com/tomojitakasu/RTKLIB/issues/797 - Exploit, Issue Tracking, Third Party Advisory
References	~~() https://www.vulncheck.com/advisories/rtklib-out-of-bounds-read-via-negative-array-index-in-getcodepri -~~	() https://www.vulncheck.com/advisories/rtklib-out-of-bounds-read-via-negative-array-index-in-getcodepri - Third Party Advisory
First Time		Rtklib rtklib Rtklib

25 Jun 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-25 19:16

Updated : 2026-06-27 04:17

NVD link : CVE-2026-56788

Mitre link : CVE-2026-56788

CVE.ORG link : CVE-2026-56788

JSON object : View

Products Affected

rtklib

rtklib

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2026-56788", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-56788", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-27T02:19:43.997310Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "disclosure@vulncheck.com", "affectedData": [{"repo": "https://github.com/tomojitakasu/RTKLIB", "vendor": "tomojitakasu", "product": "RTKLIB", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.4.3"}], "defaultStatus": "unaffected"}]}], "published": "2026-06-25T19:16:45.330", "references": [{"url": "https://github.com/tomojitakasu/RTKLIB/issues/797", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/rtklib-out-of-bounds-read-via-negative-array-index-in-getcodepri", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/tomojitakasu/RTKLIB/issues/797", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data."}], "lastModified": "2026-06-27T04:17:52.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rtklib:rtklib:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6DA91F0-A012-4CAC-8BA9-76C773EFB4E1", "versionEndIncluding": "2.4.3"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}