CVE-2026-42996
Received - Intake
Stack-based Buffer Overflow in JS8Call via Maidenhead Locator

Publication date: 2026-05-01

Last updated on: 2026-05-01

Assigner: MITRE

Description
JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp.
Meta Information
Published: 2026-05-01
Last Modified: 2026-05-01
Generated: 2026-05-07
AI Q&A: 2026-05-01
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor     Product             Version / Range
js8call    js8call             to 3.0 (exc)
js8call    js8call_improved    to 3.0 (exc)
CWE ID     Description
CWE-121    A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-42996 is a stack-based buffer overflow vulnerability in the JS8Call software (versions through 2.3.1 and JS8Call-improved before 3.0). It occurs when processing APRS GRID messages that contain a long Maidenhead locator string. The cause is improper bounds checking in the grid2deg function: an overlong locator overwrites fixed-size arrays on the stack because its length is not validated first.

This flaw can be triggered remotely via radio transmissions because APRS reporting is enabled by default. An attacker can send a specially crafted grid locator string that causes a stack overflow, potentially crashing the application.


How can this vulnerability impact me?

The vulnerability can lead to a denial-of-service (DoS) condition by crashing the JS8Call application when it processes a maliciously crafted APRS GRID message with an excessively long grid locator.

Because the vulnerability is remotely exploitable via radio transmissions without user interaction, it poses a significant risk of service disruption for users relying on JS8Call for APRS communications.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for abnormal or malformed APRS GRID messages, specifically those containing unusually long Maidenhead locator strings sent to the @APRSIS group. Since the vulnerability is triggered by a stack-based buffer overflow in the grid2deg function when processing these messages, detecting such long or malformed grid locator transmissions is key.

You can inspect network traffic or radio transmissions for APRS messages formatted as "@APRSIS GRID" followed by a grid locator string. Commands or tools that capture and filter APRS packets could be used to identify suspiciously long grid locator strings.

For example, if you have access to a system running JS8Call or a compatible APRS client, you might use packet capture tools (like Wireshark or tcpdump) with filters for APRS traffic, then search for messages containing "@APRSIS GRID" with grid locators exceeding typical length (usually up to 12 characters).
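The check described above, as an added example that is not code from JS8Call or from this advisory: a Python filter that scans decoded message text for "@APRSIS GRID" and flags any locator longer than 12 characters or not shaped like a Maidenhead locator. The one-message-per-line input, the callsign prefix, the strictness of the locator pattern and the sample lines are assumptions constructed for the example.

```python
import re

MAX_LOCATOR_LEN = 12  # the page gives 12 characters as the usual upper bound

# Token that follows the "@APRSIS GRID" command anywhere in a decoded message.
GRID_CMD = re.compile(r"@APRSIS\s+GRID\s+(\S+)", re.IGNORECASE)

# Assumed well-formed shape: field (A-R), square (0-9), then optional
# alternating pairs of subsquare letters (A-X) and digits, 4 to 12 characters.
MAIDENHEAD = re.compile(
    r"[A-R]{2}[0-9]{2}(?:[A-X]{2}(?:[0-9]{2}(?:[A-X]{2}(?:[0-9]{2})?)?)?)?",
    re.IGNORECASE,
)

def classify(message):
    """Return None if there is no GRID command, else (verdict, locator_length)."""
    m = GRID_CMD.search(message)
    if m is None:
        return None
    locator = m.group(1)
    if len(locator) > MAX_LOCATOR_LEN:
        return ("oversize", len(locator))
    if MAIDENHEAD.fullmatch(locator) is None:
        return ("malformed", len(locator))
    return ("ok", len(locator))

def scan(lines):
    """Return (line_number, verdict, locator_length) for every suspicious line."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        result = classify(line)
        if result is not None and result[0] != "ok":
            findings.append((lineno, result[0], result[1]))
    return findings

# Constructed sample input; the lengths are reported, the locators are not echoed.
SAMPLE = [
    "N0CALL: @APRSIS GRID EM73TU",
    "N0CALL: @ALLCALL CQ CQ EM73",
    "N0CALL: @APRSIS GRID " + "A" * 64,
    "N0CALL: @APRSIS GRID ZZ99",
    "N0CALL: @APRSIS GRID JN58TD12AB34",
]

if __name__ == "__main__":
    for lineno, verdict, length in scan(SAMPLE):
        print(f"line {lineno}: {verdict} locator ({length} chars)")
```

The same `classify` function can be pointed at whatever text export of decoded traffic is available; only the oversize verdict corresponds to the condition this CVE describes, while the malformed verdict is a broader hygiene check.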


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating JS8Call or JS8Call-improved to version 3.0 or later, where the stack-based buffer overflow vulnerability in the grid2deg function has been addressed.

If updating is not immediately possible, consider disabling or filtering incoming APRS GRID messages from untrusted sources to prevent maliciously crafted long grid locator strings from triggering the overflow.

Additionally, monitoring and limiting the rate of APRS packet transmissions can help reduce the risk of denial-of-service conditions caused by exploitation attempts.

