CVE-2026-37541
CriticalSummary
CVE-2026-37541 describes a buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005. Improper validation of the length field in GVRET binary data allows remote attackers to cause a denial of service or potentially execute arbitrary code via crafted GVRET frames.
Risk Assessment
This vulnerability could lead to significant disruptions in system operation and allow attackers to gain control over the system, posing a security threat to the organization.
Recommendation
It is recommended to update the OVMS3 system to the latest version that includes security patches and to implement additional monitoring and protection mechanisms against remote attacks.
Original NVD description (English source)
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames.

