PT-2026-29250 · Rauc · Rauc
Yosuke-Tanimoto
·
Published
2026-03-31
·
Updated
2026-04-02
·
CVE-2026-34155
CVSS v4.0
7.2
High
| Vector | AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
RAUC versions prior to 1.15.2
Description
RAUC manages the update process on embedded Linux systems. When a bundle in the 'plain' format is larger than 2 GiB, an integer overflow in the size handling causes the signature to cover only a portion of the payload instead of all of it. An attacker who can supply a bundle to the device can therefore take a legitimately signed bundle, modify the part of the payload that the signature does not cover, and still pass signature verification. Only the 'plain' bundle format is named as affected.
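To make the failure mode concrete, the following is an added C example and is not RAUC's code. It models a hypothetical plain-bundle layout (payload, then a detached signature, then an 8-byte trailer holding the signature length) and computes the length of the region a signature is supposed to cover the way a plain 32-bit `int` does, beside a 64-bit version with the bounds checks a signer or verifier needs. The layout, the function names, the trailer size and the 3 GiB / 4.5 GiB sample sizes are all assumptions chosen for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bundle layout used only for this illustration:
 *   [payload][signature][8-byte trailer = signature length]
 * The signature must cover the whole payload. */
#define TRAILER_LEN 8ULL
#define GIB (1024ULL * 1024ULL * 1024ULL)

/* Buggy variant: the length of the region to sign/verify passes through a
 * 32-bit signed int (what happens when an API parameter is plain 'int').
 * Above INT_MAX bytes (2 GiB) the value is silently truncated: sizes between
 * 2 GiB and 4 GiB become negative, sizes above 4 GiB wrap to a small positive
 * number. Either way the value no longer describes the whole payload, so a
 * signature made and checked with it covers less than the payload. */
int64_t payload_len_truncated(uint64_t bundle_size, uint64_t sig_len)
{
    int len = (int)(bundle_size - sig_len - TRAILER_LEN); /* truncation happens here */
    return len;
}

/* Hardened variant: 64-bit arithmetic throughout, every subtraction guarded
 * against underflow. Returns 0 for any bundle that must be rejected (an empty
 * payload is rejected as well), otherwise the exact payload length. */
uint64_t payload_len_checked(uint64_t bundle_size, uint64_t sig_len)
{
    if (sig_len > UINT64_MAX - TRAILER_LEN)   /* sig_len + trailer would overflow */
        return 0;
    if (bundle_size < sig_len + TRAILER_LEN)  /* bundle too small: would underflow */
        return 0;
    return bundle_size - sig_len - TRAILER_LEN;
}

/* When the crypto library only accepts 'int' lengths, the payload must be fed
 * to it in INT_MAX-sized pieces rather than cast to int once. This returns how
 * many calls that loop needs for a given payload (0 for an empty payload). */
uint64_t int_chunks_needed(uint64_t payload_len)
{
    return (payload_len + (uint64_t)INT_MAX - 1) / (uint64_t)INT_MAX;
}

/* Check a verifier should make before trusting a signature: the region the
 * signature covers must be exactly the payload, never just a prefix of it. */
bool signature_covers_payload(uint64_t covered_len, uint64_t payload_len)
{
    return covered_len == payload_len;
}

int main(void)
{
    /* Constructed sizes: a 3 GiB payload and a 4.5 GiB payload, each with a
     * 4 KiB signature and the 8-byte trailer. */
    const uint64_t sizes[2] = { 3 * GIB, 4 * GIB + 512ULL * 1024 * 1024 };
    for (int i = 0; i < 2; i++) {
        uint64_t bundle = sizes[i] + 4096 + TRAILER_LEN;
        uint64_t want = payload_len_checked(bundle, 4096);
        int64_t got = payload_len_truncated(bundle, 4096);
        uint64_t covered = got < 0 ? 0 : (uint64_t)got;
        printf("payload %llu bytes: int-truncated length %lld, covers whole payload: %s, "
               "INT_MAX chunks needed instead: %llu\n",
               (unsigned long long)want, (long long)got,
               signature_covers_payload(covered, want) ? "yes" : "NO",
               (unsigned long long)int_chunks_needed(want));
    }
    return 0;
}
```

Build and run with `cc -o plainlen plainlen.c && ./plainlen`. The 3 GiB payload comes out as a negative length and the 4.5 GiB payload as 512 MiB, so with the truncated value a signer signs, and a verifier checks, only a fraction of the data; the hardened path keeps the length in 64 bits, rejects bundles whose header fields do not add up, and hands the data to an `int`-based API in bounded chunks.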
Recommendations
Update to RAUC version 1.15.2 or later. Because the defect concerns how much of a plain-format bundle the signature covers, plain bundles larger than 2 GiB that were built with an affected version should be rebuilt with the fixed version and re-verified with it rather than redistributed as-is.
Weakness
CWE-347: Improper Verification of Cryptographic Signature
Affected Products
Rauc