Nixpkgs security tracker


Suggestions search

With package: prometheus-rtl_433-exporter

Found 1 matching suggestion

Untriaged
created 3 months, 3 weeks ago
merbanan/rtl_433 <= 25.02 Stack-based Buffer Overflow

merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.

Affected products

rtl_433
  • =<25.02
  • ==commit 25e47f8

Matching in nixpkgs

pkgs.rtl_433

Decode traffic from devices that broadcast on 433.9 MHz, 868 MHz, 315 MHz, 345 MHz and 915 MHz

pkgs.prometheus-rtl_433-exporter

Prometheus time-series DB exporter for rtl_433 433MHz radio packet decoder

  • nixos-unstable 0.1
    • nixpkgs-unstable 0.1
    • nixos-unstable-small 0.1
  • nixos-25.11 0.1
    • nixpkgs-25.11-darwin 0.1

Package maintainers