CVSS 10.0 · CRITICAL

CVE-2026-37541

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames.

Analysis

A critical stack-based buffer overflow in the Open Vehicle Monitoring System (OVMS3) allows for remote code execution or denial of service via crafted GVRET frames. This vulnerability affects users of the OVMS3 hardware platform who process vehicle telemetry and CAN bus data.

Severity

Score: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-121

EPSS

Exploitation probability (next 30 days): 0.0026 (0.3%)
Percentile: 48.9%
EPSS: 2026-05-07

Technical description

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames.

Published: 1/5/2026, 17:16:24
Last modified: 7/5/2026, 19:16:00
