Description

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2.

INFO

Published Date :

2026-03-31T13:28:14.863Z

Last Modified :

2026-03-31T15:45:04.506Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34155 vulnerability.

Vendors Products
Pengutronix
  • Rauc
Rauc
  • Rauc
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34155.

URL Resource
https://github.com/rauc/rauc/commit/4fb7c798d6ae412344fb8f8d310d773046af3441 cve-icon cve-icon
https://github.com/rauc/rauc/releases/tag/v1.15.2 cve-icon cve-icon
https://github.com/rauc/rauc/security/advisories/GHSA-6hj7-q844-m2hx cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact