CVE-2026-30364
Received - Intake
Stack Overflow in CentSDR Thread1 Function Causes Crash

Publication date: 2026-04-15

Last updated on: 2026-04-15

Assigner: MITRE

Description
CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.
Meta Information
Published: 2026-04-15
Last Modified: 2026-04-15
Generated: 2026-06-16
AI Q&A: 2026-04-15
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: ttrftech
Product: cent_sdr
Version / Range: From e407956 (exc)
CWE
CWE-121: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Executive Summary

CVE-2026-30364 is a potential stack overflow vulnerability found in the Thread1 function of the CentSDR project. The issue arises because the thread's stack is statically allocated with only 128 bytes, but analysis shows that the actual worst-case stack usage can reach approximately 224 bytes. This means the allocated stack size is insufficient, which can cause the stack to overflow during execution.

The vulnerability was identified by analyzing the stack usage of the Thread1 call chain, which includes several functions that cumulatively require more stack space than allocated. This discrepancy can lead to system crashes or undefined behavior when the stack overflows.

Impact Analysis

This vulnerability can cause a stack overflow in the Thread1 function, which may lead to system instability, crashes, or unpredictable behavior in the CentSDR application. Such failures can disrupt normal operation and potentially cause loss of data or service interruptions.

Detection Guidance

This vulnerability can be detected by performing stack usage analysis during the build process of the CentSDR project. Specifically, enabling the compiler flag '-fstack-usage' will generate stack usage files (*.su) that show the stack requirements of each function.

To detect the vulnerability, add the '-fstack-usage' flag to your compiler options and then build the project. After building, inspect the generated .su files and add up the stack usage of the functions in the Thread1 call chain to check whether the total exceeds the allocated 128 bytes.

For example, add the flag to the compiler options in the Makefile:

  • USE_OPT = -O2 -ggdb -fomit-frame-pointer -falign-functions=16 -fstack-usage

Then build the project with your usual build command (e.g., 'make') and review the generated .su files for Thread1 stack usage.
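
The .su review described above can be scripted. The following is an added example, not code from the CentSDR project: it parses GCC's .su line format, sums the frames along one call chain and compares the total with the allocated working area. Only Thread1 is named on this page; the other function names, the file names and all frame sizes are constructed sample data, chosen so the chain totals 224 bytes.

```python
# Added example: sum GCC -fstack-usage (.su) frame sizes along a call chain.
from typing import NamedTuple

class Frame(NamedTuple):
    size: int        # bytes GCC reports for this function's frame
    qualifier: str   # "static", "dynamic" or "dynamic,bounded"

def parse_su(text: str) -> dict[str, Frame]:
    """Parse .su content: '<file>:<line>:<col>:<function>\\t<bytes>\\t<qualifier>'."""
    frames = {}
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        location, size, qualifier = parts
        name = location.rsplit(":", 1)[-1]
        frames[name] = Frame(int(size), qualifier.strip())
    return frames

def check_chain(frames, chain, allocated):
    """Return (total_bytes, fits, unbounded) for one worst-case call chain."""
    missing = [f for f in chain if f not in frames]
    if missing:
        raise KeyError(f"no .su entry for: {', '.join(missing)}")
    total = sum(frames[f].size for f in chain)
    # A plain "dynamic" frame (alloca/VLA) has no static bound, so the
    # total is only a lower limit and the chain cannot be declared safe.
    unbounded = [f for f in chain if frames[f].qualifier == "dynamic"]
    return total, total <= allocated and not unbounded, unbounded

# Constructed sample: helper_a/helper_b and every size are hypothetical.
SAMPLE_SU = (
    "main.c:10:1:Thread1\t40\tstatic\n"
    "main.c:50:1:helper_a\t96\tstatic\n"
    "dsp.c:20:1:helper_b\t88\tstatic\n"
)
CHAIN = ["Thread1", "helper_a", "helper_b"]

if __name__ == "__main__":
    frames = parse_su(SAMPLE_SU)
    for allocated in (128, 256):  # the two sizes discussed on this page
        total, fits, unbounded = check_chain(frames, CHAIN, allocated)
        print(f"allocated={allocated} worst-case={total} fits={fits} "
              f"unbounded={unbounded}")
```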

Mitigation Strategies

An immediate mitigation step is to increase the stack size allocated to the Thread1 function to at least the worst-case stack usage of approximately 224 bytes.

This can be done by changing the static stack allocation line in the source code from:

  • static THD_WORKING_AREA(waThread1, 128);

to a larger size, for example:

  • static THD_WORKING_AREA(waThread1, 256);

After increasing the stack size, rebuild the project and verify with stack usage analysis that the allocated stack size is sufficient.

Compliance Impact

The provided information does not specify any direct impact of this stack overflow vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
