CVE-2025-34450

Name
CVE-2025-34450
Description
merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.
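The bug class named in the description, as an added illustration that is not rtl_433's code and not the fix from commit 25e47f8: a hypothetical parser that decodes hex-encoded 16-bit pulse widths into a fixed-size stack array. In `parse_rfraw_unchecked` the attacker-controlled input length alone decides how many slots get written, which is the pattern behind a stack-based overflow; `parse_rfraw_checked` takes the destination capacity as a parameter and rejects input that would not fit before writing anything. The function names, the `PULSE_CAP` size, the 4-hex-digit group format and the sample strings are assumptions made for this example; the real parse_rfraw() input format and patch are in the referenced commit and advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Capacity of the fixed stack array in the hypothetical parser. Assumed
 * for illustration only; not a value taken from rtl_433. */
#define PULSE_CAP 16

/* Decode one hex digit; -1 if the character is not hex. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode the 4-hex-digit group at p into *v; 0 on success, -1 on a bad digit. */
static int hex4(const char *p, uint16_t *v)
{
    unsigned acc = 0;
    for (int i = 0; i < 4; i++) {
        int d = hexval(p[i]);
        if (d < 0) return -1;
        acc = (acc << 4) | (unsigned)d;
    }
    *v = (uint16_t)acc;
    return 0;
}

/* Vulnerable pattern: the number of slots written is dictated solely by the
 * input length. With more than PULSE_CAP groups this writes past the end of
 * `out`; when the caller's array lives on the stack that is a stack-based
 * buffer overflow. Kept here only for contrast; never feed it untrusted data. */
static int parse_rfraw_unchecked(const char *hex, uint16_t out[PULSE_CAP])
{
    size_t n = 0;
    for (size_t len = strlen(hex); len >= 4; hex += 4, len -= 4) {
        if (hex4(hex, &out[n]) < 0) return -1;   /* BUG: no n < PULSE_CAP check */
        n++;
    }
    return (int)n;
}

/* Hardened form: capacity is explicit and checked before any write, so
 * oversized or malformed input is rejected with -1 and the array is never
 * written past its end. */
static int parse_rfraw_checked(const char *hex, uint16_t *out, size_t cap)
{
    size_t len = strlen(hex);
    if (len % 4 != 0) return -1;     /* only complete 4-digit groups */
    if (len / 4 > cap) return -1;    /* reject up front: no partial writes */
    size_t n = 0;
    for (; len >= 4; hex += 4, len -= 4, n++) {
        if (hex4(hex, &out[n]) < 0) return -1;
    }
    return (int)n;
}

/* Constructed sample: three 16-bit pulse widths (10, 20, 30) as hex groups. */
static const char SAMPLE_OK[] = "000a0014001e";

/* Build a constructed input of `groups` 4-digit groups ("ffff"...) into buf. */
static void make_groups(char *buf, size_t bufsz, size_t groups)
{
    size_t i;
    for (i = 0; i < groups && (i + 1) * 4 < bufsz; i++)
        memcpy(buf + i * 4, "ffff", 4);
    buf[i * 4] = '\0';
}

/* Checked parser on the in-bounds sample: returns 3 and fills 10, 20, 30. */
int demo_in_bounds(void)
{
    uint16_t out[PULSE_CAP] = {0};
    int n = parse_rfraw_checked(SAMPLE_OK, out, PULSE_CAP);
    if (n != 3 || out[0] != 10 || out[1] != 20 || out[2] != 30) return -1;
    return n;
}

/* The unchecked parser gives the same answer on benign input, which is why
 * the missing check goes unnoticed until input is oversized. */
int demo_unchecked_in_bounds(void)
{
    uint16_t out[PULSE_CAP] = {0};
    return parse_rfraw_unchecked(SAMPLE_OK, out);
}

/* PULSE_CAP + 1 groups: the checked parser returns -1; the unchecked form
 * would have written one uint16_t past the end of the stack array. */
int demo_oversized(void)
{
    char hex[(PULSE_CAP + 1) * 4 + 1];
    make_groups(hex, sizeof hex, PULSE_CAP + 1);
    uint16_t out[PULSE_CAP] = {0};
    return parse_rfraw_checked(hex, out, PULSE_CAP);
}

int main(void)
{
    printf("checked, in bounds:   %d\n", demo_in_bounds());
    printf("unchecked, in bounds: %d\n", demo_unchecked_in_bounds());
    printf("checked, oversized:   %d\n", demo_oversized());
    return 0;
}
```

The point of the contrast is that both parsers agree on well-formed input, so the defect only shows when the input carries more groups than the array has slots. To confirm the out-of-bounds write in the unchecked form, build the example with `-fsanitize=address` and call `parse_rfraw_unchecked` on the same PULSE_CAP + 1 group string; the checked form returns -1 on that input without touching the array.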
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
patch https://github.com/dd32/rtl_433/commit/25e47f8
technical-description https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-004-rtl_433-rfraw-parse-overflow.md
issue-tracking https://github.com/merbanan/rtl_433/issues/3375
third-party-advisory https://www.vulncheck.com/advisories/merbanan-rtl-433-stack-based-buffer-overflow

Match rules

CPE URI                                           | Source package | Min version       | Max version
                                                  | rtl-433        | >= 0              | <= 25.02
                                                  | rtl-433        | == commit 25e47f8 | == None
cpe:2.3:a:rtl_433_project:rtl_433:*:*:*:*:*:*:*:* | rtl_433        | >= None           | <= 25.02

Vulnerable and fixed packages

Source package | Branch         | Version  | Maintainer                  | Status
rtl_433        | edge-community | 25.02-r0 | omni <omni+alpine@hack.org> | possibly vulnerable
rtl_433        | edge-community | 24.10-r0 | omni <omni+alpine@hack.org> | possibly vulnerable
rtl_433        | edge-community | 21.12-r3 | omni <omni+alpine@hack.org> | possibly vulnerable
rtl_433        | 3.23-community | 25.02-r0 | omni <omni+alpine@hack.org> | possibly vulnerable