{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34155", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-25T20:12:04.196Z", "datePublished": "2026-03-31T13:28:14.863Z", "dateUpdated": "2026-03-31T15:45:04.506Z"}, "containers": {"cna": {"title": "RAUC: Improper Signing of Plain Bundles Exceeding 2 GiB", "problemTypes": [{"descriptions": [{"cweId": "CWE-196", "lang": "en", "description": "CWE-196: Unsigned to Signed Conversion Error", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-347", "lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/rauc/rauc/security/advisories/GHSA-6hj7-q844-m2hx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rauc/rauc/security/advisories/GHSA-6hj7-q844-m2hx"}, {"name": "https://github.com/rauc/rauc/commit/4fb7c798d6ae412344fb8f8d310d773046af3441", "tags": ["x_refsource_MISC"], "url": "https://github.com/rauc/rauc/commit/4fb7c798d6ae412344fb8f8d310d773046af3441"}, {"name": "https://github.com/rauc/rauc/releases/tag/v1.15.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/rauc/rauc/releases/tag/v1.15.2"}], "affected": [{"vendor": "rauc", "product": "rauc", "versions": [{"version": "< 1.15.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T13:28:14.863Z"}, "descriptions": [{"lang": "en", "value": "RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2."}], "source": {"advisory": "GHSA-6hj7-q844-m2hx", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T15:44:51.772152Z", "id": "CVE-2026-34155", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T15:45:04.506Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34155", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T15:44:51.772152Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T15:44:57.041Z"}}], "cna": {"title": "RAUC: Improper Signing of Plain Bundles Exceeding 2 GiB", "source": {"advisory": "GHSA-6hj7-q844-m2hx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "rauc", "product": "rauc", "versions": [{"status": "affected", "version": "< 1.15.2"}]}], "references": [{"url": "https://github.com/rauc/rauc/security/advisories/GHSA-6hj7-q844-m2hx", "name": "https://github.com/rauc/rauc/security/advisories/GHSA-6hj7-q844-m2hx", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/rauc/rauc/commit/4fb7c798d6ae412344fb8f8d310d773046af3441", "name": "https://github.com/rauc/rauc/commit/4fb7c798d6ae412344fb8f8d310d773046af3441", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rauc/rauc/releases/tag/v1.15.2", "name": "https://github.com/rauc/rauc/releases/tag/v1.15.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-196", "description": "CWE-196: Unsigned to Signed Conversion Error"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T13:28:14.863Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34155", "state": "PUBLISHED", "dateUpdated": "2026-03-31T15:45:04.506Z", "dateReserved": "2026-03-25T20:12:04.196Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T13:28:14.863Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pengutronix:rauc:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4EC7982-C7EC-4B8C-9098-A1B567B10FAF", "versionEndExcluding": "1.15.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2."}], "id": "CVE-2026-34155", "lastModified": "2026-04-03T15:53:01.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-31T14:16:11.997", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/rauc/rauc/commit/4fb7c798d6ae412344fb8f8d310d773046af3441"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/rauc/rauc/releases/tag/v1.15.2"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://github.com/rauc/rauc/security/advisories/GHSA-6hj7-q844-m2hx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-196"}, {"lang": "en", "value": "CWE-347"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.15.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "rauc", "source": "cna", "vendor": "rauc"}, "product": "rauc", "vendor": "rauc"}], "analysis": {"en": {"generated_at": "2026-04-03T18:59:08.334557+00:00", "value": {"mitigation_remediation": ["Update RAUC to version 1.15.2 or later to apply the upstream fix", "Verify all firmware bundles are signed and do not exceed 2\u00a0GiB in plain format before deployment", "If an immediate update is not possible, restrict the device\u2019s update interface to accept only trusted, signed bundles", "Monitor update logs for any oversized plain-format bundles and investigate anomalies"], "summary": {"action": "Apply patch", "impact": "Unauthorized modification due to incomplete signature coverage"}, "threat_synthesis": {"affected_systems": "This vulnerability affects Pengutronix RAUC versions prior to 1.15.2 that are used on embedded Linux platforms. Any system deploying a bundle signed with those versions is at risk. The upstream patch in release 1.15.2 and later resolves the issue.", "description_and_impact": "RAUC, a firmware update manager for embedded Linux, suffers from an integer overflow when processing plain\u2011format bundles larger than 2 GiB. The overflow limits the generated signature to only the first few bytes of the payload, so that the remainder of the bundle is not integrity\u2011checked. An attacker who can supply a malicious bundle can therefore alter the unchecked part of the firmware, violating the authenticity guarantee of the update process. The flaw maps to cryptographic integrity failure (CWE\u2011196) and numeric value overflow (CWE\u2011347).", "risk_and_exploitability": "With a CVSS score of 7.2 the flaw is considered high severity, but an EPSS probability of less than 1\u00a0% indicates it is not widely exploited in the wild. The vulnerability is not listed in the CISA KEV catalog, reinforcing the low observed exploitation risk. Successful exploitation requires an attacker who can supply a bundle through the device\u2019s update channel, such as via a compromised update server, supply\u2011chain tampering, or physical access to the update mechanism. Once the modified bundle is installed, the device may run altered firmware or experience service disruption."}}}}, "created": "2026-03-31T19:54:45.308497+00:00", "updated": "2026-04-03T21:17:44.968938+00:00", "vendors": ["rauc", "rauc$PRODUCT$rauc"]}