CVE-2026-42996
Received Received - Intake
Stack-based Buffer Overflow in JS8Call via Maidenhead Locator

Publication date: 2026-05-01

Last updated on: 2026-05-01

Assigner: MITRE

Description
JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-42996
EUVD
EUVD-2026-26482
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
js8call js8call to 3.0 (exc)
js8call js8call_improved to 3.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-42996 is a stack-based buffer overflow vulnerability in the JS8Call software (versions through 2.3.1 and JS8Call-improved before 3.0). It occurs when processing APRS GRID messages that contain a long Maidenhead locator string. The vulnerability arises from improper bounds checking in the grid2deg function, which leads to fixed-size stack arrays being overwritten without proper validation.

This flaw can be triggered remotely via radio transmissions because APRS reporting is enabled by default. An attacker can send a specially crafted grid locator string that causes a stack overflow, potentially crashing the application.

Impact Analysis

The vulnerability can lead to a denial-of-service (DoS) condition by crashing the JS8Call application when it processes a maliciously crafted APRS GRID message with an excessively long grid locator.

Because the vulnerability is remotely exploitable via radio transmissions without user interaction, it poses a significant risk of service disruption for users relying on JS8Call for APRS communications.

Detection Guidance

This vulnerability can be detected by monitoring for abnormal or malformed APRS GRID messages, specifically those containing unusually long Maidenhead locator strings sent to the @APRSIS group. Since the vulnerability is triggered by a stack-based buffer overflow in the grid2deg function when processing these messages, detecting such long or malformed grid locator transmissions is key.

You can inspect network traffic or radio transmissions for APRS messages formatted as "@APRSIS GRID" followed by a grid locator string. Commands or tools that capture and filter APRS packets could be used to identify suspiciously long grid locator strings.

For example, if you have access to a system running JS8Call or a compatible APRS client, you might use packet capture tools (like Wireshark or tcpdump) with filters for APRS traffic, then search for messages containing "@APRSIS GRID" with grid locators exceeding typical length (usually up to 12 characters).

Mitigation Strategies

Immediate mitigation steps include updating JS8Call or JS8Call-improved to version 3.0 or later, where the stack-based buffer overflow vulnerability in the grid2deg function has been addressed.

If updating is not immediately possible, consider disabling or filtering incoming APRS GRID messages from untrusted sources to prevent maliciously crafted long grid locator strings from triggering the overflow.

Additionally, monitoring and limiting the rate of APRS packet transmissions can help reduce the risk of denial-of-service conditions caused by exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42996. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart