CVE-2026-37541
Buffer Overflow in Open Vehicle Monitoring System 3
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open_vehicle_monitoring_system | open_vehicle_monitoring_system | 3.3.005 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
How can this vulnerability impact me?
The impact of this vulnerability can be severe. An attacker can remotely exploit it to cause a denial of service, making the Open Vehicle Monitoring System unavailable. Worse, the attacker might execute arbitrary code on the affected system, potentially gaining control over it. The CVSS score of 10.0 indicates a critical risk with high confidentiality, integrity, and availability impacts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005. Specifically, it occurs in the canformat_gvret.cpp file where the length field in GVRET binary data is not properly validated. This flaw allows remote attackers to send specially crafted GVRET frames that can cause the system to crash (denial of service) or potentially execute arbitrary code.
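The class of check the explanation above says is missing, shown as an added example in C; it is not code from OVMS3 or from canformat_gvret.cpp. The frame layout (4-byte little-endian ID, one byte whose low nibble is the payload length, then the payload), the names `parse_frame` and `can_frame_t`, and the sample inputs are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAN_MAX_DLC 8 /* classic CAN payload limit */
#define HDR_LEN 5     /* assumed header: 4-byte id + 1 length byte */

/* Hypothetical decoded frame, not the OVMS3 structure. */
typedef struct { uint32_t id; uint8_t dlc; uint8_t data[CAN_MAX_DLC]; } can_frame_t;

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_LENGTH = -2 };

/* Constructed sample inputs: id 0x123, then length nibble, then payload. */
static const uint8_t sample_ok[]    = {0x23, 0x01, 0, 0, 0x03, 0xAA, 0xBB, 0xCC};
static const uint8_t sample_long[]  = {0x23, 0x01, 0, 0, 0x0F, 1, 2, 3, 4, 5, 6, 7, 8,
                                       9, 10, 11, 12, 13, 14, 15};
static const uint8_t sample_short[] = {0x23, 0x01, 0, 0, 0x08, 0x01, 0x02};

/* Decode one frame; every length is checked before any copy. */
int parse_frame(const uint8_t *buf, size_t buf_len, can_frame_t *out)
{
    if (buf_len < HDR_LEN)
        return PARSE_TRUNCATED;
    uint8_t len = buf[4] & 0x0F; /* sender-controlled, range 0..15 */
    if (len > CAN_MAX_DLC)       /* would write past out->data */
        return PARSE_BAD_LENGTH;
    if (buf_len - HDR_LEN < len) /* would read past the input */
        return PARSE_TRUNCATED;
    out->id = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
              ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    out->dlc = len;
    memset(out->data, 0, sizeof out->data);
    memcpy(out->data, buf + HDR_LEN, len);
    return PARSE_OK;
}

int main(void)
{
    can_frame_t f;
    printf("ok=%d long=%d short=%d\n",
           parse_frame(sample_ok, sizeof sample_ok, &f),
           parse_frame(sample_long, sizeof sample_long, &f),
           parse_frame(sample_short, sizeof sample_short, &f));
    return 0;
}
```

The two rejections are distinct: a length above the destination's capacity guards the stack buffer, while a length above the remaining input guards against reading past the received data.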