CVE-2026-30364
Stack Overflow in CentSDR Thread1 Function Causes Crash
Publication date: 2026-04-15
Last updated on: 2026-04-15
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ttrftech | cent_sdr | From e407956 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30364 is a potential stack overflow vulnerability found in the Thread1 function of the CentSDR project. The issue arises because the thread's stack is statically allocated with only 128 bytes, but analysis shows that the actual worst-case stack usage can reach approximately 224 bytes. This means the allocated stack size is insufficient, which can cause the stack to overflow during execution.
The vulnerability was identified by analyzing the stack usage of the Thread1 call chain, which includes several functions that cumulatively require more stack space than allocated. This discrepancy can lead to system crashes or undefined behavior when the stack overflows.
How can this vulnerability impact me? :
This vulnerability can cause a stack overflow in the Thread1 function, which may lead to system instability, crashes, or unpredictable behavior in the CentSDR application. Such failures can disrupt normal operation and potentially cause loss of data or service interruptions.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by performing stack usage analysis during the build process of the CentSDR project. Specifically, enabling the compiler flag '-fstack-usage' will generate stack usage files (*.su) that show the stack requirements of each function.
To detect the vulnerability, you can add the '-fstack-usage' flag to your compiler options and then build the project. After building, inspect the generated .su files to check if the Thread1 function's stack usage exceeds the allocated 128 bytes.
Example commands to enable detection might include modifying the Makefile to add the following compiler options:
- USE_OPT = -O2 -ggdb -fomit-frame-pointer -falign-functions=16 -fstack-usage
Then build the project with your usual build command (e.g., 'make') and review the generated .su files for Thread1 stack usage.
What immediate steps should I take to mitigate this vulnerability?
An immediate mitigation step is to increase the stack size allocated to the Thread1 function to at least match or exceed the worst-case stack usage of approximately 224 bytes.
This can be done by changing the static stack allocation line in the source code from:
- static THD_WORKING_AREA(waThread1, 128);
to a larger size, for example:
- static THD_WORKING_AREA(waThread1, 256);
After increasing the stack size, rebuild the project and verify with stack usage analysis that the allocated stack size is sufficient.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this stack overflow vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.