Open Vehicle Monitoring System 3 Buffer Overflow Vulnerability in GVRET Frame Parsing
Vulnerability
A buffer overflow vulnerability has been identified in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005. The issue arises in the GVRET log format parser, where the length field in GVRET binary data is not properly validated. This lack of validation allows remote attackers to send crafted GVRET frames that can cause a denial of service or potentially execute arbitrary code.
Impact
Exploitation of this vulnerability leads to a stack buffer overflow, which can cause heap corruption and allow for arbitrary code execution.
Reproduction
To reproduce this vulnerability, send a crafted GVRET frame with an oversized length field that exceeds the buffer size in the 'canformat_gvret.cpp' parser. The frame can be delivered over the network or directly on the local CAN bus.
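The length validation whose absence is described above, as an added example that is not code from OVMS3 or from 'canformat_gvret.cpp'. The simplified record layout, the names CanFrame and parse_gvret_frame, and the 8-byte classic CAN payload limit are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Assumed, simplified GVRET-style binary record (not taken from OVMS3 source):
//   0xF1 0x00 | timestamp (4 bytes LE) | CAN id (4 bytes LE) | length (1 byte) | data[length]
constexpr std::size_t kHeaderLen  = 11;
constexpr std::size_t kMaxCanData = 8;   // destination buffer size (classic CAN payload)

struct CanFrame {                        // hypothetical destination structure
    uint32_t timestamp;
    uint32_t id;
    uint8_t  len;
    uint8_t  data[kMaxCanData];
};

enum class ParseResult { Ok, NeedMoreData, BadMarker, BadLength };

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

// Parses one record from buf[0..avail). On Ok, *consumed is the record size;
// on any other result *consumed is 0 and *out is left untouched.
ParseResult parse_gvret_frame(const uint8_t *buf, std::size_t avail,
                              CanFrame *out, std::size_t *consumed) {
    *consumed = 0;
    if (avail < kHeaderLen) return ParseResult::NeedMoreData;
    if (buf[0] != 0xF1 || buf[1] != 0x00) return ParseResult::BadMarker;

    const uint8_t len = buf[10];         // attacker-controlled length field

    // Check 1: the claimed length must fit the fixed-size destination.
    // Copying without this check is the overflow condition the advisory describes.
    if (len > kMaxCanData) return ParseResult::BadLength;

    // Check 2: the claimed length must be backed by bytes actually received,
    // otherwise the copy would read past the end of the input buffer.
    if (avail - kHeaderLen < len) return ParseResult::NeedMoreData;

    out->timestamp = read_le32(buf + 2);
    out->id        = read_le32(buf + 6);
    out->len       = len;
    std::memset(out->data, 0, sizeof out->data);
    std::memcpy(out->data, buf + kHeaderLen, len);
    *consumed = kHeaderLen + len;
    return ParseResult::Ok;
}
```

A caller should drop the connection or resynchronise on BadLength rather than skipping the claimed number of bytes, since that count comes from the untrusted frame.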
