CVSS 10.0 · CRITICAL

CVE-2026-37541

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames.

Analysis

A critical stack-based buffer overflow in the Open Vehicle Monitoring System (OVMS3) allows for remote code execution or denial of service via crafted GVRET frames. This vulnerability affects users of the OVMS3 hardware platform who process vehicle telemetry and CAN bus data.

Severity

Score: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-121

EPSS

Probability of exploitation (next 30 days): 0.0026 (0.3%)
Percentile: 48.9%
EPSS: 2026-05-07

Published: 5/1/2026, 5:16:24 PM
Last modified: 5/7/2026, 7:16:00 PM
