CVE-2026-42996

CRITICAL

JS8Call < 2.3.1 and JS8Call-improved < 3.0 - Stack-based Buffer Overflow via Long Maidenhead Locator in APRSISClient.cpp

Title source: llm

Description

JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp.

References (4)

Core 4

Core References

https://github.com/JS8Call-improved/JS8Call-improved/security/advisories/GHSA-98hp-pjp7-w62x

https://amateur-radio-resources.sourceforge.io/PDF/JS8APRS.pdf

https://github.com/js8call/js8call/blob/fd721e8b67eed84cb3c09d018205ab9a53e1a8b1/APRSISClient.cpp#L89-L102

View Writeup ZIP pw:eip

https://github.com/JS8Call-improved/JS8Call-improved/commit/a6c7a19b82bbd7c2c0c892576f84d7449e8c7088

View Patch ZIP pw:eip

Scores

CVSS v4 10.0

EPSS 0.0048

EPSS Percentile 37.4%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:Green

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-121

Status published

Products (2)

JS8Call/JS8Call < 2.3.1

JS8Call-improved/JS8Call-improved < 3.0

Published May 01, 2026

Tracked Since May 01, 2026