Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames.
AnalysisAI
Remote code execution in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 allows network-based attackers to execute arbitrary code or crash the system without authentication. A buffer overflow in the GVRET CAN data parser (canformat_gvret.cpp) fails to validate length fields in binary frames, enabling memory corruption. CVSS 10.0 reflects unauthenticated network vector with scope change, but no public exploit or active exploitation confirmed at time of analysis. EPSS data unavailable; real-world risk depends on OVMS3 deployment exposure (typically vehicle telematics environments).
Technical ContextAI
OVMS3 is an open-source vehicle monitoring and telematics platform that interfaces with automotive CAN bus networks. The vulnerable component is canformat_gvret.cpp, which parses GVRET (Generalized Vehicle Reverse Engineering Tool) binary frame format used for CAN bus data transmission. GVRET frames contain a length field that controls buffer operations; lack of bounds checking allows attackers to specify lengths exceeding allocated buffer sizes, triggering classic stack or heap-based buffer overflow. The vulnerability is exploitable over network protocols that accept GVRET frames, likely TCP/IP connections to the OVMS3 web interface or API endpoints. CPE data (cpe:2.3:a:n/a:n/a) is a placeholder indicating vendor/product fields not yet populated in NVD, but GitHub reference confirms the openvehicles/Open-Vehicle-Monitoring-System-3 repository as the affected codebase.
RemediationAI
No vendor-released patch version or security advisory identified from provided references at time of analysis. GitHub repository reference (https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3) should be monitored for commits addressing CVE-2026-37541 or canformat_gvret.cpp buffer overflow fixes. GIST reference (https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381) may contain vulnerability details or POC but does not constitute an official patch. Compensating controls until patch available: (1) Block network access to OVMS3 GVRET ingestion endpoints from untrusted sources using firewall rules-restrict to local vehicle network only; this eliminates remote attack vector but may break legitimate remote monitoring features. (2) Disable GVRET frame processing if alternative CAN data formats are available; verify compatibility with monitoring workflows before deployment. (3) Deploy OVMS3 behind network segmentation with IDS/IPS monitoring for malformed GVRET frames containing anomalous length fields; configure detection rules for length values exceeding typical CAN frame sizes (8-64 bytes). Monitor vendor GitHub repository and security mailing lists for official fix announcements.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26694