CVE-2025-34450

EUVD-2025-204399
merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
rtl_433_projectrtl_433
𝑥
≤ 25.02
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rtl-433
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
ignored
questing
needs-triage
Common Weakness Enumeration
References
https://github.com/dd32/rtl_433/commit/25e47f8
https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-004-rtl_433-rfraw-parse-overflow.md
https://github.com/merbanan/rtl_433/issues/3375
https://www.vulncheck.com/advisories/merbanan-rtl-433-stack-based-buffer-overflow
https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-004-rtl_433-rfraw-parse-overflow.md