CVE-2026-34155
MEDIUM 5.3
Description
RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2.
CVE Details
CVSS v3.1 Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 3/31/2026
Last Modified: 4/3/2026
Source: nvd
Honeypot Sightings: 0
Affected Products
pengutronix:rauc
Weaknesses (CWE)
CWE-196, CWE-347
References
https://github.com/rauc/rauc/commit/4fb7c798d6ae412344fb8f8d310d773046af3441 (security-advisories@github.com)
https://github.com/rauc/rauc/releases/tag/v1.15.2 (security-advisories@github.com)
https://github.com/rauc/rauc/security/advisories/GHSA-6hj7-q844-m2hx (security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.