VYPR

RAUC

by rauc

Source repositories

CVEs (2)

  • CVE-2026-34155MedMar 31, 2026
    risk 0.27cvss 5.3epss 0.00

    RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a…

  • CVE-2020-25860Dec 21, 2020
    risk 0.00cvss epss 0.01

    The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just…