Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-42469

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 May, 2026 | 00:00
Updated At-07 May, 2026 | 18:42
Rejected At-
Credits

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_canswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted CANswitch frames.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 May, 2026 | 00:00
Updated At:07 May, 2026 | 18:42
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_canswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted CANswitch frames.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381
N/A
https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/issues/1391
N/A
Hyperlink: https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381
Resource: N/A
Hyperlink: https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/issues/1391
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 May, 2026 | 17:16
Updated At:20 May, 2026 | 15:18

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_canswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted CANswitch frames.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Type: Secondary
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CPE Matches
openvehicles
openvehicles
>>open_vehicle_monitoring_system_firmware>>3.3.005
cpe:2.3:o:openvehicles:open_vehicle_monitoring_system_firmware:3.3.005:*:*:*:*:*:*:*
openvehicles
openvehicles
>>open_vehicle_monitoring_system>>-
cpe:2.3:h:openvehicles:open_vehicle_monitoring_system:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-121
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381cve@mitre.org
Third Party Advisory
https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/issues/1391cve@mitre.org
Issue Tracking
Hyperlink: https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/issues/1391
Source: cve@mitre.org
Resource:
Issue Tracking

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2026-42468
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.29%
||
7 Day CHG~0.00%
Published-01 May, 2026 | 00:00
Updated-20 May, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_pcap.cpp , the parser's phdr.len field is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted PCAP input.

Action-Not Available
Vendor-openvehiclesn/a
Product-open_vehicle_monitoring_systemopen_vehicle_monitoring_system_firmwaren/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-37541
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.22% / 44.93%
||
7 Day CHG~0.00%
Published-01 May, 2026 | 00:00
Updated-20 May, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames.

Action-Not Available
Vendor-openvehiclesn/a
Product-open_vehicle_monitoring_systemopen_vehicle_monitoring_system_firmwaren/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-0426
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-8.6||HIGH
EPSS-0.23% / 45.61%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 05:23
Updated-07 Nov, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack overflow in filename or in boundary

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (conroller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects:  Freelance controllers AC 700F:  from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019 , through Freelance 2019 SP1, through Freelance 2019 SP1 FP1;  Freelance controllers AC 900F:  through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.

Action-Not Available
Vendor-ABB
Product-freelance_2013ac700ffreelance_2016freelance_2019ac900fac700f_firmware Freelance controllers AC 700F Freelance controllers AC 900Ffreelance_controllers_ac_900ffreelance_controllers_ac_700f
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-0719
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-0.04% / 12.31%
||
7 Day CHG-0.01%
Published-08 Jan, 2026 | 12:38
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Dev Spaces (RHOSDS) 3.26Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-53418
Matching Score-4
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-4
Assigner-Delta Electronics, Inc.
CVSS Score-8.6||HIGH
EPSS-0.09% / 25.34%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 06:54
Updated-26 Aug, 2025 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
COMMGR Stack-based Buffer Overflow Vulnerability

Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-COMMGR
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-43520
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.6||HIGH
EPSS-0.27% / 50.36%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 05:47
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in WLAN HOST

Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwaresa6150p_firmwarewsa8845_firmwarewsa8832qcc2076_firmwareqca6595srv1mqca8081_firmwarear8035_firmwareqca6696wcd9340_firmwarewcd9395_firmwareqcc2073_firmwareqcc710_firmwareqca6564auwsa8832_firmwaresa8195p_firmwareqca8337_firmwareqca8337wcd9395qca6574au_firmwareqca6574auwcd9390flight_rb5_5g_platformwsa8845h_firmwaresa9000p_firmwaresrv1hqca6554asa8770pqca6584auqcn6274_firmwaressg2115pqcc710qfw7114_firmwareqca6595_firmwareqcs7230fastconnect_6900fastconnect_7800_firmwareqfw7114wcd9385_firmwarefastconnect_6900_firmwareqam8255p_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psa8150psnapdragon_ar2_gen_1_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155pqca6564au_firmwaresxr1230pqam8650pvideo_collaboration_vc5_platform_firmwaresa9000psnapdragon_8\+_gen_2_mobile_platformsrv1h_firmwareqca6595ausa6155p_firmwarewsa8840qca6688aqsrv1m_firmwareqcs8550_firmwareqfw7124_firmwarewcd9385snapdragon_8_gen_2_mobile_platformsa8255pqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwareqcc2076ssg2125pqca6554a_firmwareqca6574asa8195pwcd9340qcs8250_firmwareqamsrv1mqam8650p_firmwarevideo_collaboration_vc5_platformsm8550p_firmwareqcm8550qca6584au_firmwareqcn6274qca6574qfw7124qrb5165n_firmwaresa8775pqca6595au_firmwareqca6391_firmwaresnapdragon_x75_5g_modem-rf_systemsxr2230p_firmwarewsa8835wsa8840_firmwaresa8775p_firmwaresnapdragon_ar2_gen_1_platformqamsrv1hqca6696_firmwarewsa8845hwcd9380_firmwaresa6150pqca6574_firmwaresa8155p_firmwareqca8081sa8155pwsa8830qam8775psm8550psa6145psa8255p_firmwareflight_rb5_5g_platform_firmwareqcc2073ar8035qca6574a_firmwareqamsrv1m_firmwaresa8650p_firmwarerobotics_rb5_platformqca6391qcn6224ssg2125p_firmwareqrb5165nsa8770p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarerobotics_rb5_platform_firmwareqcs8550fastconnect_7800sa8145p_firmwaresa8650pqam8775p_firmwareqca6688aq_firmwaresa8150p_firmwareqamsrv1h_firmwaresa8145pwsa8835_firmwaressg2115p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqcs8250wsa8830_firmwareqcn6224_firmwareSnapdragon
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
Details not found