CVE-2026-42996
CriticalSummary
JS8Call versions 2.3.1 and earlier, as well as JS8Call-improved before version 3.0, have a stack-based buffer overflow vulnerability that occurs during a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This issue occurs in the grid2deg function in APRSISClient.cpp.
Risk Assessment
Stack-based buffer overflow can lead to arbitrary code execution, posing a significant threat to system security and user data.
Recommendation
It is recommended to upgrade to JS8Call version 3.0 or later to mitigate this vulnerability and reduce the associated risks.
Original NVD description (English source)
JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp.

