rtl_433 Stack-Based Buffer Overflow Vulnerability in parse_rfraw Function

Vulnerability

A stack-based buffer overflow has been identified in the rtl_433 application, in versions up to and including 25.02 and prior to commit 25e47f8. The vulnerability is in the function parse_rfraw() in src/rfraw.c. It is triggered when the application processes crafted or excessively large raw RF input data, leading to memory corruption or a crash. Exploitation causes a denial-of-service condition and, under certain circumstances, may be leveraged for further exploitation, depending on the execution environment and available mitigations.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash. Additionally, it results in memory corruption, with the potential for code execution depending on the execution environment.

Reproduction

The vulnerability can be reproduced by using rtl_433 version 25.02 or earlier, and by applying the latest commit in the master branch. When the application is built with AddressSanitizer enabled, it can be run with a specific input file that contains crafted RF data designed to trigger the buffer overflow. This can be done by using the '-y' option to specify the input file.

Remediation

Users are advised to upgrade to rtl_433 versions that include commit 25e47f8 or later. For upstream builds, ensure that input from untrusted sources is sanitized and run the application inside a restricted sandbox if possible.
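
To confirm that a source checkout already contains the fix before building from it, the check below tests whether commit 25e47f8 is in the history of the checked-out revision. It is an added example, not rtl_433 project code; the function name rtl433_fix_status and its return codes are hypothetical, and it assumes git is installed and the build comes from a git clone.

```shell
#!/usr/bin/env bash
# Added example (not rtl_433 project code): report whether a local rtl_433
# source checkout contains the fix commit named in this advisory.
#
# Usage: rtl433_fix_status /path/to/rtl_433 [fix_commit]

FIX_COMMIT_DEFAULT="25e47f8"   # fix commit as given in the advisory

# Prints one word and returns: fixed (0), vulnerable (1), unknown (2).
rtl433_fix_status() {
    local repo="$1"
    local fix="${2:-$FIX_COMMIT_DEFAULT}"

    # Not a git work tree (for example a release tarball): history cannot
    # answer the question, so do not guess.
    if ! git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        echo unknown
        return 2
    fi

    # The fix commit object must exist locally. In a shallow or stale clone
    # it can be absent, which is not proof that the tree is vulnerable.
    if ! git -C "$repo" cat-file -e "${fix}^{commit}" 2>/dev/null; then
        echo unknown
        return 2
    fi

    # Fixed only if the fix commit is an ancestor of (or equal to) HEAD.
    if git -C "$repo" merge-base --is-ancestor "$fix" HEAD 2>/dev/null; then
        echo fixed
        return 0
    fi

    echo vulnerable
    return 1
}
```

A result of unknown on a git clone usually means the history is incomplete; fetch the full upstream history and run the check again.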

Added: Dec 18, 2025, 10:28 PM
Updated: Dec 18, 2025, 10:28 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.