CVE-2022-25051

Name
CVE-2022-25051
Description
An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://github.com/merbanan/rtl_433/issues/1960
Patch https://github.com/merbanan/rtl_433/commit/2dad7b9fc67a1d0bfbe520fbd821678b8f8cc7a8
Permissions Required https://huntr.dev/bounties/78eee103-bd61-4b4f-b054-04ad996b39e7/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:rtl_433_project:rtl_433:21.12:*:*:*:*:*:*:* rtl_433 == None == 21.12

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
rtl_433 3.16-community 21.12-r0 omni <omni+alpine@hack.org> possibly vulnerable
rtl_433 3.17-community 21.12-r3 omni <omni+alpine@hack.org> fixed