Two Buffer Overflows in OVMS3 Expose Vehicle Monitoring Systems to DoS and RCE
Two high-severity vulnerabilities have been disclosed in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005, both stemming from improper input validation that can lead to buffer overflows. CVE-2026-42469 affects canformat_canswitch.cpp, where the software fails to properly validate a CANswitch DLC value; a remote attacker can send crafted CANswitch frames to trigger a denial of service and potentially achieve arbitrary code execution. The flaw is tracked as CWE-121 and carries a CVSS v3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H, indicating network-reachable exploitation with no privileges or user interaction required and a high impact on availability.
A second flaw, CVE-2026-42468, affects canformat_pcap.cpp, where OVMS3 does not correctly validate the phdr.len field while parsing PCAP input. An attacker can use crafted PCAP data to cause a denial of service and potentially execute arbitrary code; the updated CVSS v3.1 scoring indicates user interaction is required and that confidentiality, integrity, and availability may all be affected. The CVE records were updated to refine severity details, add CWE-121 classification, and, for CVE-2026-42469, include a public GitHub Gist reference.
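As an added illustration (not OVMS3 source code and not taken from the CVE records), the following C example shows the kind of length validation both advisories describe as missing: a DLC checked against the fixed data array before the copy, and a PCAP record length checked against both the destination buffer and the bytes actually received. It assumes classic CAN with at most 8 data bytes and the standard 16-byte little-endian pcap record header; `can_frame_t`, `frame_set_data`, `pcap_take_record` and `SLOT_SIZE` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAN_MAX_DLEN 8u   /* classic CAN: at most 8 data bytes */
#define PCAP_REC_HDR 16u  /* ts_sec, ts_usec, incl_len, orig_len (4 bytes each) */
#define SLOT_SIZE    32u  /* hypothetical fixed buffer for one record body */
typedef struct { uint32_t id; uint8_t dlc; uint8_t data[CAN_MAX_DLEN]; } can_frame_t;

/* Read a 32-bit little-endian field without alignment assumptions. */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Accept a wire DLC only if it fits the fixed data array and the input
 * really holds that many bytes. Returns 0 on success, -1 on reject. */
int frame_set_data(can_frame_t *f, uint8_t wire_dlc, const uint8_t *src, size_t avail) {
    if (wire_dlc > CAN_MAX_DLEN || wire_dlc > avail) return -1;
    f->dlc = wire_dlc;
    memset(f->data, 0, sizeof f->data);
    memcpy(f->data, src, wire_dlc);
    return 0;
}

/* Validate one pcap record and copy its body into slot.
 * Returns bytes consumed, 0 if more input is needed, -1 if malformed. */
long pcap_take_record(const uint8_t *buf, size_t len,
                      uint8_t slot[SLOT_SIZE], uint32_t *body_len) {
    if (len < PCAP_REC_HDR) return 0;
    uint32_t incl = rd_le32(buf + 8);
    if (incl > SLOT_SIZE) return -1;          /* length exceeds destination */
    if (incl > len - PCAP_REC_HDR) return 0;  /* body not fully received yet */
    memcpy(slot, buf + PCAP_REC_HDR, incl);
    *body_len = incl;
    return (long)(PCAP_REC_HDR + incl);
}

int main(void) {
    /* Constructed input: a record header claiming a 4 GiB body. */
    uint8_t rec[16] = {0}, slot[SLOT_SIZE];
    uint32_t n = 0;
    can_frame_t f = {0};
    memset(rec + 8, 0xff, 4);
    printf("oversized record: %ld\n", pcap_take_record(rec, sizeof rec, slot, &n));
    printf("dlc 15: %d\n", frame_set_data(&f, 15, rec, sizeof rec));
    return 0;
}
```

Both functions reject on the untrusted length before any `memcpy` runs, so a malformed frame or record is dropped rather than written past a fixed-size buffer.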
Timeline
May 1, 2026
CVE records updated with scoring and reference details
The CVE records were updated on May 1, 2026 to add CWE-121 classification and revise CVSS v3.1 scoring details. The CVE-2026-42469 entry also added a public GitHub Gist reference.
May 1, 2026
CVE-2026-42469 disclosed for OVMS3 CANswitch buffer overflow
A second OVMS3 version 3.3.005 buffer overflow vulnerability was disclosed in canformat_canswitch.cpp. The issue is caused by improper validation of a CANswitch DLC value and could be exploited remotely with crafted CANswitch frames to cause denial of service and potentially arbitrary code execution.
May 1, 2026
CVE-2026-42468 disclosed for OVMS3 PCAP parser buffer overflow
A buffer overflow vulnerability affecting Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 was disclosed in canformat_pcap.cpp. The flaw stems from improper validation of the phdr.len field when processing crafted PCAP input, allowing denial of service and possible arbitrary code execution.
Related Stories

Two High-Severity Buffer Overflow Flaws Disclosed in LinkingVision rapidvms
Two high-severity vulnerabilities, **CVE-2026-33848** and **CVE-2026-33849**, were disclosed in **LinkingVision rapidvms**, both classified as **CWE-119** improper restriction of operations within the bounds of a memory buffer. The flaws affect **rapidvms versions before `PR#96`** and carry the same **CVSS v3.1** vector, `AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`, indicating network-reachable exploitation with low attack complexity, no required privileges, user interaction, and potential for high impact across confidentiality, integrity, and availability. Both CVE records point to **GitHub pull request `#96`** in the `linkingvision/rapidvms` repository as the referenced fix or related remediation. Organizations running vulnerable rapidvms builds should review the changes in that pull request, identify any exposed instances, and prioritize upgrading or patching affected systems because successful exploitation could lead to severe compromise of the video management platform.
1 month ago
Multiple Memory Corruption Flaws Disclosed in Automotive CAN Libraries
Innora Security Research disclosed 11 vulnerabilities across eight automotive CAN-related libraries and tools, including **Open-SAE-J1939**, `isotp-c`, `uds-c`, `socketcand`, `cannelloni`, `OpenAMP`, and `OVMS3`. The issues span integer underflow and overflow, stack and heap buffer overflows, and other out-of-bounds memory access conditions affecting software used in ECUs, CAN gateways, diagnostic tooling, industrial networks, and research platforms. The report said several flaws are reachable through crafted CAN frames, tunneled CAN traffic, malformed firmware images, or malicious log files, with many assigned **CVSS 9.8** severity due to the potential for remote memory corruption and service disruption. One of the newly tracked issues, **`CVE-2026-37537`**, affects `collin80/Open-SAE-J1939` through commit `744024d4306bc387857dfce439558336806acb06`. In the library's Transport Protocol Data Transfer handling, a CAN frame with `data[0] = 0` causes the calculation `uint8_t index = data[0] - 1` to underflow to `255`, leading to an out-of-bounds write past the allocated `MAX_TP_DT` buffer. The vulnerability was assigned **CVSS v3.1 `AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H`**, indicating an adjacent-network attack path with high integrity and availability impact, and it underscores broader unsafe length handling and unchecked memory operations across the affected CAN software ecosystem.
Today
High-Severity Buffer Bounds Flaw in Portwell Engineering Toolkits Driver (CVE-2026-3437)
CISA published an ICS advisory for **CVE-2026-3437**, a **high-severity** memory safety issue (*CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer*) affecting **Portwell Engineering Toolkits v4.8.2**. The flaw is in the Portwell Engineering Toolkits **driver** and could allow a **local, authenticated attacker** to **read and write arbitrary memory**, enabling **privilege escalation** or **denial of service**; CISA scored it **CVSS v3.1 8.8 (High)** with a local attack vector and low complexity. The CVE record corroborates the same impact and affected version, and additionally lists a **CVSS v4.0** vector consistent with high impact to confidentiality, integrity, and availability. The vulnerability was reported to CISA by **Jason Huang** of **TXOne Networks** (Cyber Threat & Product Defense Center), and the advisory notes deployment across critical infrastructure environments (including **Energy** and **Critical Manufacturing**) with worldwide exposure.
1 month ago