Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:rtl-433
User: [email protected]
Usertags: pu

  * CVE-2025-34450: Buffer overflow in parse_rfraw()
    (Closes: #1126178)
diffstat for rtl-433-25.02 rtl-433-25.02

 changelog                                                              |    8 
++
 patches/0001-Fix-overflow-in-rfraw-test-data-parsing-closes-3375.patch |   31 
++++++++++
 patches/series                                                         |    1 
 3 files changed, 40 insertions(+)

diff -Nru rtl-433-25.02/debian/changelog rtl-433-25.02/debian/changelog
--- rtl-433-25.02/debian/changelog      2025-02-19 18:52:07.000000000 +0200
+++ rtl-433-25.02/debian/changelog      2026-06-30 21:51:39.000000000 +0300
@@ -1,3 +1,11 @@
+rtl-433 (25.02-1+deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2025-34450: Buffer overflow in parse_rfraw()
+    (Closes: #1126178)
+
+ -- Adrian Bunk <[email protected]>  Tue, 30 Jun 2026 21:51:39 +0300
+
 rtl-433 (25.02-1) unstable; urgency=medium
 
   * New upstream version.
diff -Nru 
rtl-433-25.02/debian/patches/0001-Fix-overflow-in-rfraw-test-data-parsing-closes-3375.patch
 
rtl-433-25.02/debian/patches/0001-Fix-overflow-in-rfraw-test-data-parsing-closes-3375.patch
--- 
rtl-433-25.02/debian/patches/0001-Fix-overflow-in-rfraw-test-data-parsing-closes-3375.patch
 1970-01-01 02:00:00.000000000 +0200
+++ 
rtl-433-25.02/debian/patches/0001-Fix-overflow-in-rfraw-test-data-parsing-closes-3375.patch
 2026-06-30 21:50:58.000000000 +0300
@@ -0,0 +1,31 @@
+From b27bd050d6c74c900e9471338c63bcd96b5c1b08 Mon Sep 17 00:00:00 2001
+From: "Christian W. Zuckschwerdt" <[email protected]>
+Date: Wed, 8 Oct 2025 10:11:15 +0200
+Subject: Fix overflow in rfraw test data parsing (closes #3375)
+
+---
+ src/rfraw.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/rfraw.c b/src/rfraw.c
+index 9f4c9780..71a1c365 100644
+--- a/src/rfraw.c
++++ b/src/rfraw.c
+@@ -159,9 +159,14 @@ static bool parse_rfraw(pulse_data_t *data, char const 
**p)
+             data->num_pulses++;
+             pulse_needed = true;
+         }
++        // abort reading if the pulse data array is full
++        if (data->num_pulses >= PD_MAX_PULSES) {
++            break;
++        }
+     }
+     //data->gap[data->num_pulses - 1] = 3000; // TODO: extend last gap?
+ 
++    // expand reapeats as long as the pulse data array has enough space
+     unsigned pkt_pulses = data->num_pulses - prev_pulses;
+     for (int i = 1; i < repeats && data->num_pulses + pkt_pulses <= 
PD_MAX_PULSES; ++i) {
+         memcpy(&data->pulse[data->num_pulses], &data->pulse[prev_pulses], 
pkt_pulses * sizeof (*data->pulse));
+-- 
+2.47.3
+
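Review bot: The new full-array check sits at the end of the read loop in parse_rfraw(), so it is only sufficient if every path through the loop body stores at `data->pulse[data->num_pulses]` or `data->gap[data->num_pulses]` before incrementing `num_pulses`, never after. The loop body starts outside this hunk, so that cannot be confirmed from here; if any branch increments and then writes in the same iteration, a one-element out-of-bounds store could remain once the count reaches `PD_MAX_PULSES - 1`, and the guard would need to sit directly before that store. The `break` also truncates over-long input silently, so a diagnostic (or at least a comment) stating that the data was cut at PD_MAX_PULSES would help anyone triaging a short decode. Minor: the second added comment has a typo and should read `// expand repeats as long as the pulse data array has enough space`.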
diff -Nru rtl-433-25.02/debian/patches/series 
rtl-433-25.02/debian/patches/series
--- rtl-433-25.02/debian/patches/series 2020-02-17 15:05:28.000000000 +0200
+++ rtl-433-25.02/debian/patches/series 2026-06-30 21:51:30.000000000 +0300
@@ -1 +1,2 @@
 cmake
+0001-Fix-overflow-in-rfraw-test-data-parsing-closes-3375.patch
