merbanan/rtl_433 <= 25.02 Stack-based Buffer Overflow

Advisories

merbanan/rtl_433 <= 25.02 Stack-based Buffer Overflow

severity: medium
date: 12/18/2025
Affecting: rtl_433 <= 25.02
Fixed in commit 25e47f8
CVE: CVE-2025-34450
CWE: CWE-121 Stack-based Buffer Overflow
CVSS: 6.9
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
References: Researcher Advisory & PoC
rtl_433 Patched Commit
rtl_433 Vulnerability Issue
Credit: Vlatko Kosturjak with Marlink Cyber
Description: merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo