CVE-2026-44905
Deferred Deferred - Pending Action
Denial-of-Service in Vanetza Due to ASN.1 Semantic Validation Bypass

Publication date: 2026-05-26

Last updated on: 2026-06-01

Assigner: GitHub, Inc.

Description
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When processing incoming V2X messages, the ASN.1 decoder accepts the structure as syntactically valid. However, this reveals a logic-based protocol failure where semantic constraints on specific fields are only strictly enforced during OER re-encoding. Specifically, if a crafted packet contains a certificate where the Psid (Provider Service Identifier) sub-type violates subtype constraints (e.g., out-of-range or invalid CHOICE variant), it is accepted during initial parsing, where subtype constraints are not enforced. Later, when StraightVerifyService attempts to calculate a message hash for cryptographic verification, it must re-encode the signing certificate. The underlying ASN.1 wrapper (asn1c_wrapper.cpp) detects the semantic violation during encoding and raises a std::runtime_error. This exception is not caught within the encoding path and propagates to std::terminate, resulting in immediate process termination. This vulnerability is fixed with commit e1a2e2709210d309458c3d77f98d50dec26c0df0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-06-01
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-44905
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
vanetza vanetza to 26.02 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-248 An exception is thrown from a function, but it is not caught.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Vanetza, an open-source implementation of the ETSI C-ITS protocol suite. In versions 26.02 and earlier, there is a denial-of-service issue in the cryptographic verification pipeline. Specifically, when processing incoming V2X messages, the ASN.1 decoder accepts packets as syntactically valid even if they contain semantic violations in certain fields, such as an invalid Psid (Provider Service Identifier) sub-type.

The problem arises because these semantic constraints are only enforced later during OER re-encoding. When the system attempts to re-encode the signing certificate to calculate a message hash for cryptographic verification, it detects the semantic violation and raises an uncaught exception. This causes the process to terminate immediately, resulting in a denial-of-service condition.

Impact Analysis

This vulnerability can cause a denial-of-service (DoS) condition in systems using Vanetza for V2X message processing. An attacker can craft a malicious packet with an invalid Psid sub-type that triggers an uncaught exception during cryptographic verification, causing the process to terminate unexpectedly.

As a result, the affected system may become unavailable or stop processing messages, potentially disrupting communication in vehicular networks that rely on Vanetza for secure message verification.

Mitigation Strategies

The vulnerability is fixed with commit e1a2e2709210d309458c3d77f98d50dec26c0df0. Immediate mitigation involves updating Vanetza to a version that includes this fix.

Compliance Impact

The vulnerability causes a denial-of-service condition in the Vanetza V2X communication library by allowing crafted packets with malformed certificates to crash the process during cryptographic verification.

While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the primary impact is service unavailability due to denial-of-service.

Such service disruptions could indirectly affect compliance with regulations that require availability and integrity of systems processing sensitive data, but no direct link or impact on data privacy or protection requirements is stated.

Detection Guidance

This vulnerability manifests as a denial-of-service condition caused by the Vanetza process terminating unexpectedly when processing crafted V2X messages with malformed certificates. Detection can focus on monitoring for unexpected crashes or terminations of the Vanetza service.

To detect exploitation attempts or the presence of malformed packets on your network, you can monitor network traffic for suspicious V2X messages containing certificates with invalid Provider Service Identifier (Psid) subtypes.

Since the vulnerability triggers a std::runtime_error during certificate re-encoding, system logs or application logs showing such exceptions or process crashes can be indicators.

  • Use system service monitoring commands to detect Vanetza process crashes, for example: `systemctl status vanetza` or `journalctl -u vanetza` on Linux systems.
  • Monitor application logs for uncaught exceptions or termination messages related to certificate encoding errors.
  • Capture and analyze network traffic with tools like tcpdump or Wireshark filtering for V2X protocol messages to identify malformed certificates. Example command: `tcpdump -i <interface> -w capture.pcap` followed by analysis in Wireshark.
  • If you have access to the Vanetza source or debugging environment, consider adding logging around the certificate verification and encoding functions to detect when invalid Psid subtypes are processed.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44905. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart