CVE-2026-34155

EUVD-2026-17413

31.03.2026, 14:16

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Affected Products (NVD)

Vendor	Product	Version
pengutronix	rauc	𝑥 < 1.15.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

rauc

bookworm	no-dsa
bullseye	postponed
forky	1.15.2-1 fixed
sid	1.15.2-1 fixed
trixie	no-dsa

Common Weakness Enumeration

CWE-196 - Unsigned to Signed Conversion Error
The software uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive.

References

https://github.com/rauc/rauc/commit/4fb7c798d6ae412344fb8f8d310d773046af3441

https://github.com/rauc/rauc/releases/tag/v1.15.2

https://github.com/rauc/rauc/security/advisories/GHSA-6hj7-q844-m2hx