Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames.
The issue is located in the canformat_gvret.cpp file, which is responsible for processing GVRET protocol binary data. The length field in received GVRET frames is not properly validated before use. An attacker can send specially crafted GVRET frames containing an invalid length field value, leading to a stack buffer overflow. The attack does not require authentication, user interaction, or special network conditions (public network, low complexity).
An attacker can cause system failure (DoS) or — in a more advanced scenario — execute arbitrary code on the device with the privileges of the process handling GVRET frames. Due to the attack vector (network, no authentication required, changed scope), the compromise may affect resources beyond the directly vulnerable component.
Apply patches available from the vendor according to the references. The project source code is available at https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3. Until updates are applied, it is recommended to restrict network access to OVMS3 devices using a firewall and implement network segmentation to prevent unauthorized transmission of GVRET frames.
Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HOpenvehicles Open Vehicle Monitoring System
HWOpenvehicleswszystkie wersjeOpenvehicles Open Vehicle Monitoring System Firmware
OSOpenvehicles3.3.005