CVE-2026-56786: Out-of-bounds Write in tomojitakasu RTKLIB
RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service.
AI Analysis
Technical Summary
CVE-2026-56786 is an out-of-bounds write vulnerability in tomojitakasu RTKLIB through version 2.4.3. The issue exists in the decode_type1033 function, which fails to properly clamp length counters to the size of the destination buffer, resulting in an overflow of up to 191 bytes into adjacent fixed 64-byte descriptor fields. An attacker who can control an NTRIP or serial RTCM3 correction stream can send a specially crafted CRC-valid type-1033 message to corrupt adjacent members of the rtcm_t object. This memory corruption can lead to arbitrary code execution or denial of service conditions. The vulnerability is remotely exploitable without authentication and requires no user interaction, making it highly critical. No vendor advisory or patch information is currently available.
Potential Impact
Successful exploitation allows remote attackers to corrupt memory adjacent to a fixed-size buffer in RTKLIB, potentially enabling arbitrary code execution or causing denial of service. The vulnerability affects systems processing NTRIP or serial RTCM3 correction streams with vulnerable RTKLIB versions. The high CVSS score (9.3) reflects the critical nature of this remote, unauthenticated, high-impact vulnerability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting or validating input from NTRIP or serial RTCM3 correction streams to untrusted sources to reduce exposure. Monitor vendor channels for updates and apply patches promptly once released.
CVE-2026-56786: Out-of-bounds Write in tomojitakasu RTKLIB
Description
RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service.
CVSS v4.0
Score 9.3critical
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-56786 is an out-of-bounds write vulnerability in tomojitakasu RTKLIB through version 2.4.3. The issue exists in the decode_type1033 function, which fails to properly clamp length counters to the size of the destination buffer, resulting in an overflow of up to 191 bytes into adjacent fixed 64-byte descriptor fields. An attacker who can control an NTRIP or serial RTCM3 correction stream can send a specially crafted CRC-valid type-1033 message to corrupt adjacent members of the rtcm_t object. This memory corruption can lead to arbitrary code execution or denial of service conditions. The vulnerability is remotely exploitable without authentication and requires no user interaction, making it highly critical. No vendor advisory or patch information is currently available.
Potential Impact
Successful exploitation allows remote attackers to corrupt memory adjacent to a fixed-size buffer in RTKLIB, potentially enabling arbitrary code execution or causing denial of service. The vulnerability affects systems processing NTRIP or serial RTCM3 correction streams with vulnerable RTKLIB versions. The high CVSS score (9.3) reflects the critical nature of this remote, unauthenticated, high-impact vulnerability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting or validating input from NTRIP or serial RTCM3 correction streams to untrusted sources to reduce exposure. Monitor vendor channels for updates and apply patches promptly once released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-06-23T01:24:27.651Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3d73fd4853345fc14dfab5
Added to database: 06/25/2026, 18:31:25 UTC
Last enriched: 06/25/2026, 18:46:05 UTC
Last updated: 06/25/2026, 19:01:11 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.