CVE Catalog

CVE-2026-56788

MediumCVSS 4.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

RTKLIB through version 2.4.3 contains an out-of-bounds read vulnerability in the getcodepri function when processing unrecognized RINEX observation codes. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.

Risk Assessment

An attacker can exploit this vulnerability to cause a denial of service (DoS) by providing a malicious RINEX file, potentially disrupting systems using RTKLIB. Additionally, there is a risk of leaking sensitive data from memory.

Recommendation

It is recommended to update RTKLIB to the latest version that fixes this vulnerability. If an update is not possible, avoid processing untrusted RINEX files.

Original NVD description (English source)

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS