Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames.
References
| Link | Resource |
|---|---|
| https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381 | Third Party Advisory |
| https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3 | Product |
| https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/issues/1393 | Issue Tracking |
Configurations
Configuration 1 (hide)
| AND |
|
History
20 May 2026, 15:20
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381 - Third Party Advisory | |
| References | () https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3 - Product | |
| References | () https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/issues/1393 - Issue Tracking | |
| First Time |
Openvehicles
Openvehicles open Vehicle Monitoring System Openvehicles open Vehicle Monitoring System Firmware |
|
| CPE | cpe:2.3:o:openvehicles:open_vehicle_monitoring_system_firmware:3.3.005:*:*:*:*:*:*:* cpe:2.3:h:openvehicles:open_vehicle_monitoring_system:-:*:*:*:*:*:*:* |
07 May 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
01 May 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-121 |
01 May 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-01 17:16
Updated : 2026-05-20 15:20
NVD link : CVE-2026-37541
Mitre link : CVE-2026-37541
CVE.ORG link : CVE-2026-37541
JSON object : View
Products Affected
openvehicles
- open_vehicle_monitoring_system
- open_vehicle_monitoring_system_firmware
CWE
CWE-121
Stack-based Buffer Overflow