CRITICAL🇵🇱 Wersja polska

CVE-2026-42996

CVSS 10.0v4.0pub. 2026-05-01

JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp.

🤖 AI Analysis
How it works

The vulnerability lies in the grid2deg function in APRSISClient.cpp. When the application receives an APRS-IS message via radio with the @APRSIS GRID command, it passes the Maidenhead locator to the aforementioned function without proper data length verification. An excessively long string causes a stack-based buffer overflow (CWE-121). An attacker can deliver a malicious payload via radio transmission — without any authentication and without interaction from the victim.

Impact

Successful exploitation of the vulnerability may enable an attacker to execute arbitrary code remotely (RCE) on the machine running JS8Call. In the worst case, this could lead to complete takeover of the victim's system.

Mitigation & patch

JS8Call-improved should be updated to version 3.0 or later, where the vulnerability has been patched (commit a6c7a19b82bbd7c2c0c892576f84d7449e8c7088). For the original JS8Call (up to version 2.3.1), manufacturer references should be monitored to obtain available patches. Until updating, it is recommended to limit exposure to untrusted APRS-IS radio transmissions.

Who is affected

JS8Call version 2.3.1 and earlier, and JS8Call-improved versions before 3.0.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:Green
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References