Your message dated Sat, 04 Jul 2026 16:17:08 +0000
with message-id <[email protected]>
and subject line Bug#1126178: fixed in rtl-433 25.02-1+deb13u1
has caused the Debian Bug report #1126178,
regarding rtl-433: Buffer overflow in parse_rfraw() with large raw RF input 
data (CVE-2025-34450)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1126178: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126178
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rtl-433
Version: 25.02-1
Severity: important
Tags: patch

According to
<URL:https://security-tracker.debian.org/tracker/CVE-2025-34450 > there
is a security vulnerability with parsing large raw RF input data, as
described in <URL: https://github.com/merbanan/rtl_433/issues/3375 >.  A
fix has been included upstream in
<URL:https://github.com/dd32/rtl_433/commit/25e47f8932f0401392ef1d3c8cc9ed5595bc894a
 >
and is already included in unstable and testing.  But the issue is also
in Debian Trixie/stable and should perhaps be fixed there too?

This is the upstream patch used:

commit 25e47f8932f0401392ef1d3c8cc9ed5595bc894a
Author: Christian W. Zuckschwerdt <[email protected]>
Date:   Wed Oct 8 10:11:15 2025 +0200

    Fix overflow in rfraw test data parsing (closes #3375)

diff --git a/src/rfraw.c b/src/rfraw.c
index 9f4c9780..71a1c365 100644
--- a/src/rfraw.c
+++ b/src/rfraw.c
@@ -159,9 +159,14 @@ static bool parse_rfraw(pulse_data_t *data, char const **p)
             data->num_pulses++;
             pulse_needed = true;
         }
+        // abort reading if the pulse data array is full
+        if (data->num_pulses >= PD_MAX_PULSES) {
+            break;
+        }
     }
     //data->gap[data->num_pulses - 1] = 3000; // TODO: extend last gap?
 
+    // expand reapeats as long as the pulse data array has enough space
     unsigned pkt_pulses = data->num_pulses - prev_pulses;
     for (int i = 1; i < repeats && data->num_pulses + pkt_pulses <= 
PD_MAX_PULSES; ++i) {
         memcpy(&data->pulse[data->num_pulses], &data->pulse[prev_pulses], 
pkt_pulses * sizeof (*data->pulse));

-- 
Happy hacking
Petter Reinholdtsen

--- End Message ---
--- Begin Message ---
Source: rtl-433
Source-Version: 25.02-1+deb13u1
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
rtl-433, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated rtl-433 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 Jun 2026 21:51:39 +0300
Source: rtl-433
Architecture: source
Version: 25.02-1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Hamradio Maintainers <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1126178
Changes:
 rtl-433 (25.02-1+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-34450: Buffer overflow in parse_rfraw()
     (Closes: #1126178)
Checksums-Sha1:
 e789b34747b9a4361b1ec6c4e3d6a979e8160e93 2000 rtl-433_25.02-1+deb13u1.dsc
 a04073a1b688d4194e4bd6deec97996c1ffd3965 1125144 rtl-433_25.02.orig.tar.gz
 9b0fdd0303822360055a0241020b6104967a709f 6528 
rtl-433_25.02-1+deb13u1.debian.tar.xz
Checksums-Sha256:
 0dbf003cbd0936df1279ea74d0d02acc063ee1df6638cbba3f3335955552cff8 2000 
rtl-433_25.02-1+deb13u1.dsc
 5a409ea10e6d3d7d4aa5ea91d2d6cc92ebb2d730eb229c7b37ade65458223432 1125144 
rtl-433_25.02.orig.tar.gz
 d5d09391ad031009428d38876d7b25106f9e54bf0ac3db558d1fd092672ac9ea 6528 
rtl-433_25.02-1+deb13u1.debian.tar.xz
Files:
 a4156242df860f23a5f10a4d68154db7 2000 hamradio optional 
rtl-433_25.02-1+deb13u1.dsc
 ef2bfb1e3db92b16a2d8dcfe4a724a58 1125144 hamradio optional 
rtl-433_25.02.orig.tar.gz
 f310960cf80ff9595d134ce7774e554b 6528 hamradio optional 
rtl-433_25.02-1+deb13u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmpEE6AACgkQiNJCh6LY
mLG9pxAAjfOPRCKyoseSu74mIKXtgNzXSR8kqs9cFe2tRSiX/rvIRmOU3np/W99R
v6Mxdw7FRgGiddtU3ZhrfZS2o7x3d1OYNlEZVltgwgP2TYYJgOUOnXYj28IXA5KS
R1UZmiLPqnsUfGHkHSL9K4ej+gm3FHHXa2ahCkg5HFaCt27vy+CHDJv8+K8d2kh8
7vThuwFYVUEZ63PouDY49JQfxQB5o7xfo+AIpGi71VWl2/UNT/w1tAChsayP3s/4
jKe9x1lEk+ykl6W2n3rurGXZQCraznxMu8xOXKGI2Dx3yrpp9zfy+6lJFkvDZBX7
bTM/cb5fgT+hqECgIFr2FEjaqWlbm5Xyx17ivXQd3+ToKf8qKG9MWKdhQXney+Ix
LPwAqGNJuAMNEtUjbWIVCBRITuCzmAJtchFYr3tNF2Zev2EDFTTOBQ5tbD/hnwB8
g02+PvopLx3fGLADnw8Cy9sjrHXAzmWwKVXkZERmwZloDmGV/vZwJMA7Sld8liun
l3Tae68oQYREU9j2YgPJ1aeqtvRRA35P0qNuEb1M//tRelIiwWkaNojT98EEASe9
RcdtoO8To0fQoidynTE4/8me34LlksD5ewEo2zp7r2gb8CHwjf3x3gvbgfXYKVh5
QNYihTNwAG15UdjD1R8i6QIt8TrHIwMsv+bL1h3/Qj4f2GsXFtI=
=yHoh
-----END PGP SIGNATURE-----

Attachment: pgpBE89k89ET7.pgp
Description: PGP signature


--- End Message ---

Reply via email to