CVE-2025-34450

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-34450
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34450.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-34450
Downstream
Published
2025-12-18T22:15:56.163Z
Modified
2026-03-15T14:54:26.040646Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

merbanan/rtl433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parserfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.

References

Affected packages

Git / github.com/dd32/rtl_433

Affected ranges

Type
GIT
Repo
https://github.com/dd32/rtl_433
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
25e47f8
Type
GIT
Repo
https://github.com/merbanan/rtl_433
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5cae16fbc9c1c98652676ab45d7bbf7f51e6ccea
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "25.02"
        }
    ]
}

Affected versions

0.*
0.01
0.1
18.*
18.05
18.12
19.*
19.08
20.*
20.02
20.11
21.*
21.05
21.12
22.*
22.11
23.*
23.11
24.*
24.10
25.*
25.02
Other
push

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34450.json"