CVE-2026-43988
Denial of Service in Vanetza ASN.1/OER Parser
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: GitHub, Inc.
Description
CVSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vanetza | vanetza | to 26.02 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-248 | An exception is thrown from a function, but it is not caught. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Vanetza, an open-source implementation of the ETSI C-ITS protocol suite. In version 26.02 and earlier, the ASN.1/OER parsing pipeline can encounter malformed network packets containing corrupted ASN.1/OER structures, such as invalid length fields or malformed certificate encoding. When this happens, the ASN.1 wrapper raises a std::runtime_error exception that is not caught properly, causing the process to terminate unexpectedly.
How can this vulnerability impact me?
The vulnerability can lead to a denial-of-service (DoS) condition by causing the Vanetza process to terminate unexpectedly when it processes malformed packets. This means that an attacker could disrupt the normal operation of systems using Vanetza by sending specially crafted network packets that trigger this failure.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Vanetza to a version that includes the fix from commit 62dfe58a8342512b6e1947d75821402ada524f1a or later.
Avoid processing malformed ASN.1/OER network packets that could trigger the denial-of-service condition.
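The failure mode described above (a decoder throwing `std::runtime_error` on a bad length field) and an exception boundary at the packet entry point that contains it, as an added example that is not Vanetza's code or its fix. All function names and the sample packets are hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Hypothetical stand-in for an ASN.1/OER wrapper: reads an OER length
// determinant and throws std::runtime_error on malformed input.
std::size_t decode_oer_length(const Bytes& buf, std::size_t& pos)
{
    if (pos >= buf.size()) throw std::runtime_error("truncated length");
    const std::uint8_t first = buf[pos++];
    if ((first & 0x80) == 0) return first;          // short form: 0..127
    const std::size_t n = first & 0x7F;             // long form: n length octets follow
    if (n == 0 || n > sizeof(std::size_t) || n > buf.size() - pos)
        throw std::runtime_error("invalid length field");
    std::size_t len = 0;
    for (std::size_t i = 0; i < n; ++i) len = (len << 8) | buf[pos++];
    return len;
}

// Parses one length-prefixed element; throws if the declared length
// runs past the end of the packet.
std::size_t parse_element(const Bytes& pkt)
{
    std::size_t pos = 0;
    const std::size_t len = decode_oer_length(pkt, pos);
    if (len > pkt.size() - pos) throw std::runtime_error("length exceeds packet");
    return len;
}

enum class Result { Accepted, Dropped };

// Exception boundary at the network-facing entry point: a malformed packet
// is counted and dropped instead of unwinding out of the receive loop,
// where an uncaught exception would end in std::terminate (CWE-248).
Result handle_packet(const Bytes& pkt, unsigned& dropped) noexcept
{
    try {
        parse_element(pkt);
        return Result::Accepted;
    } catch (const std::exception&) {
        ++dropped;
        return Result::Dropped;
    }
}

int main()
{
    unsigned dropped = 0;
    const Bytes malformed = {0x85, 0x01};           // constructed: claims 5 length octets, has 1
    return handle_packet(malformed, dropped) == Result::Dropped ? 0 : 1;
}
```

Calling `parse_element` directly on the malformed packet from a receive loop without the `try` block reproduces the termination behaviour the description refers to.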