CVE-2026-56790

HIGH

CANBoat - Off-by-One Global Buffer Overflow in searchForPgn()

Title source: cna
STIX 2.1

Description

CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or N2K-over-IP to trigger an out-of-bounds array access and denial of service.

References (4)

Core 4

Scores

CVSS v3 7.3
EPSS 0.0022
EPSS Percentile 11.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-193
Status published
Products (2)
canboat/canboat < 6.22
canboat/canboat a5a22b74b9ac5688019cba62669df08562cebd6f
Published Jun 25, 2026
Tracked Since Jun 26, 2026