CVE-2026-43988
Deferred - Pending Action
Denial of Service in Vanetza ASN.1/OER Parser

Publication date: 2026-05-26

Last updated on: 2026-06-01

Assigner: GitHub, Inc.

Description
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures (e.g., invalid length fields or malformed certificate encoding), the ASN.1 wrapper (asn1c_wrapper.cpp) raises a std::runtime_error. This exception is not caught at the parsing boundary and propagates to std::terminate, resulting in process termination. This vulnerability is fixed with commit 62dfe58a8342512b6e1947d75821402ada524f1a.
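The failure mode described above, next to a guarded parsing boundary, as an added example that is not Vanetza's code or the content of the fix commit. All names (decode_oer_length, decode_octet_string, on_receive_unguarded, on_receive_guarded) are hypothetical, and the decoder is a simplified stand-in for the ASN.1 wrapper.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>
using Bytes = std::vector<std::uint8_t>;

// OER length determinant: short form is one octet below 0x80; long form is
// 0x80|n followed by n big-endian length octets.
std::size_t decode_oer_length(const Bytes& buf, std::size_t& pos) {
    if (pos >= buf.size()) throw std::runtime_error("truncated length");
    const std::uint8_t first = buf[pos++];
    if (first < 0x80) return first;
    std::size_t n = first & 0x7F;
    if (n == 0 || n > sizeof(std::size_t) || n > buf.size() - pos)
        throw std::runtime_error("invalid length field");
    std::size_t len = 0;
    while (n--) len = (len << 8) | buf[pos++];
    return len;
}

// Hypothetical decode step: one length-prefixed octet string filling the packet.
Bytes decode_octet_string(const Bytes& buf) {
    std::size_t pos = 0;
    const std::size_t len = decode_oer_length(buf, pos);
    if (len != buf.size() - pos) throw std::runtime_error("length mismatch");
    return Bytes(buf.begin() + pos, buf.end());
}

enum class Verdict { Accepted, Dropped };

// CWE-248 pattern: with no handler up the stack, a throw ends in std::terminate.
Verdict on_receive_unguarded(const Bytes& pkt) {
    decode_octet_string(pkt);
    return Verdict::Accepted;
}

// Guarded boundary: every decode failure becomes a counted drop, nothing escapes.
Verdict on_receive_guarded(const Bytes& pkt, unsigned& drops) noexcept {
    try {
        decode_octet_string(pkt);
        return Verdict::Accepted;
    } catch (...) {
        ++drops;
        return Verdict::Dropped;
    }
}

int main() {  // constructed input: length octet claims 5 octets, 1 is present
    unsigned drops = 0;
    return on_receive_guarded({0x05, 0xAA}, drops) == Verdict::Dropped ? 0 : 1;
}
```

The drop counter gives operators a metric to alert on, so a burst of malformed packets shows up as a spike rather than a process restart.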
Meta Information
Published: 2026-05-26
Last Modified: 2026-06-01
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor: vanetza
Product: vanetza
Version / Range: to 26.02 (exc)
CWE ID: CWE-248
Description: An exception is thrown from a function, but it is not caught.
Executive Summary

This vulnerability exists in Vanetza, an open-source implementation of the ETSI C-ITS protocol suite. In version 26.02 and earlier, the ASN.1/OER parsing pipeline can encounter malformed network packets containing corrupted ASN.1/OER structures, such as invalid length fields or malformed certificate encoding. When this happens, the ASN.1 wrapper raises a std::runtime_error exception that is not caught properly, causing the process to terminate unexpectedly.

Impact Analysis

The vulnerability can lead to a denial-of-service (DoS) condition by causing the Vanetza process to terminate unexpectedly when it processes malformed packets. This means that an attacker could disrupt the normal operation of systems using Vanetza by sending specially crafted network packets that trigger this failure.

Mitigation Strategies

To mitigate this vulnerability, update Vanetza to a version that includes the fix from commit 62dfe58a8342512b6e1947d75821402ada524f1a or later.

Avoid processing malformed ASN.1/OER network packets that could trigger the denial-of-service condition.
