HIGH🇬🇧 English

CVE-2026-34155

CVSS 7.2v4.0pub. 2026-03-31upd. 2026-04-03

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Pengutronix Rauc

    APP
    Pengutronix
    < 1.15.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-25860MEDIUM6.6ten sam produkt

The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Us...

CVE-2020-13910CRITICAL9.1ten sam vendor

Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a fiel...

CVE-2019-15937CRITICAL9.8ten sam vendor

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because ...

CVE-2019-15938CRITICAL9.8ten sam vendor

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a l...

CVE-2026-34960HIGH7.1ten sam vendor

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within ...